Hi, On Wed, Aug 25, 2021 at 01:57:03PM +0000, Debian Bug Tracking System wrote: > This is an automatic notification regarding your Bug report > which was filed against the qemu package: > > #984449: CVE-2021-3392 > > It has been closed by Michael Tokarev <[email protected]>. > > Their explanation is attached below along with your original report. > If this explanation is unsatisfactory and you have not received a > better one in a separate message then please contact Michael Tokarev > <[email protected]> by > replying to this email. > > > -- > 984449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984449 > Debian Bug Tracking System > Contact [email protected] with problems
> Date: Wed, 25 Aug 2021 16:55:01 +0300 > From: Michael Tokarev <[email protected]> > To: [email protected] > Subject: Fixed by 5.2+dfsg-10 > User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 > Thunderbird/78.13.0 > Message-ID: <[email protected]> > > Version: 1:5.2+dfsg-10 > > This issue has been fixed by 5.2+dfsg-10 release, by this change: > > * mptsas-remove-unused-MPTSASState.pending-CVE-2021-3392.patch > fix possible use-after-free in mptsas_free_request > (Cloese: #984449, CVE-2021-3392) > > I dunno why it hasn't been closed automatically. There is a typo in the Closes marker, thus got not added to the Closes field. Thanks for notifying. Regards, Salvatore

