Your message dated Tue, 17 Nov 2009 08:50:32 +0100
with message-id <[email protected]>
and subject line Re: Bug#553589: CVE-2009-3616: Multiple use-after-free
vulnerabilities in vnc.c
has caused the Debian Bug report #553589,
regarding CVE-2009-3616: Multiple use-after-free vulnerabilities in vnc.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
553589: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553589
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: qemu
Version: 0.10.6-1
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for qemu.
CVE-2009-3616[0]:
| Multiple use-after-free vulnerabilities in vnc.c in the VNC server in
| QEMU 0.10.6 and earlier might allow guest OS users to execute
| arbitrary code on the host OS by establishing a connection from a VNC
| client and then (1) disconnecting during data transfer, (2) sending a
| message using incorrect integer data types, or (3) using the Fuzzy
| Screen Mode protocol, related to double free vulnerabilities.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3616
http://security-tracker.debian.org/tracker/CVE-2009-3616
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrtXlEACgkQNxpp46476ao3NgCdGPnMHfTITK7HUXeruU2ZGG/2
bsEAn2GLZX9LZxbBxn6T+lwsQ/yjX/8R
=F/Fd
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Version: 0.11.0-1
On Sun, Nov 01, 2009 at 11:09:27AM +0100, Giuseppe Iuculano wrote:
> Package: qemu
> Version: 0.10.6-1
> Severity: grave
> Tags: security
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for qemu.
>
> CVE-2009-3616[0]:
> | Multiple use-after-free vulnerabilities in vnc.c in the VNC server in
> | QEMU 0.10.6 and earlier might allow guest OS users to execute
> | arbitrary code on the host OS by establishing a connection from a VNC
> | client and then (1) disconnecting during data transfer, (2) sending a
> | message using incorrect integer data types, or (3) using the Fuzzy
> | Screen Mode protocol, related to double free vulnerabilities.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3616
> http://security-tracker.debian.org/tracker/CVE-2009-3616
>
The version 0.11.0-1 currently in unstable is not vulnerable to this
security issue. Marking the bug has fixed.
--
Aurelien Jarno GPG: 1024D/F1BCDB73
[email protected] http://www.aurel32.net
--- End Message ---
