Your message dated Mon, 31 May 2010 22:03:07 +0200
with message-id <[email protected]>
and subject line package removed
has caused the Debian Bug report #490411,
regarding CVE-2008-2004: privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
490411: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490411
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xen-unstable
Severity: grave
Tags: security
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-unstable.

CVE-2008-2004[0]:
| The drive_init function in QEMU 0.9.1 determines the format of a raw
| disk image based on the header, which allows local guest users to read
| arbitrary files on the host by modifying the header to identify a
| different format, which is used when the guest is restarted.

The patch for qemu can be found here[1].

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2004
    http://security-tracker.debian.net/tracker/CVE-2008-2004

[1] http://svn.savannah.gnu.org/viewvc/trunk/vl.c?root=qemu&r1=4277&r2=4276&pathrev=4277



--- End Message ---
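
The CVE text in the report above describes format detection that trusts the first bytes of a guest-writable raw image. The following host-side check is an added example, not part of the original messages and not code from QEMU or Xen; it flags images configured as raw whose header would be probed as another format, and shows the rule of never guessing once a format is declared. The function names and the sample image list are hypothetical; the magic values are the well-known ones for the qcow and VMDK formats.

```python
import struct

# Magic bytes at offset 0 of common non-raw disk image formats.
MAGICS = {
    b"QFI\xfb": "qcow",  # qcow and qcow2 share this magic
    b"KDMV": "vmdk",     # VMDK sparse extent
    b"COWD": "vmdk",     # older VMDK sparse extent
}

def probe_format(header: bytes) -> str:
    """Guess the format from content alone, the behaviour the CVE text describes."""
    fmt = MAGICS.get(header[:4], "raw")
    if fmt == "qcow" and len(header) >= 8:
        # The qcow family stores a big-endian version number after the magic.
        version = struct.unpack(">I", header[4:8])[0]
        fmt = "qcow2" if version >= 2 else "qcow"
    return fmt

def effective_format(declared, header: bytes) -> str:
    """Hardened rule: the configured format is final, content is never consulted."""
    if declared is None:
        raise ValueError("image format must be configured explicitly")
    return declared

def audit(images):
    """Return (name, probed) for raw-configured images that probe as something else."""
    findings = []
    for name, declared, header in images:
        probed = probe_format(header)
        if declared == "raw" and probed != "raw":
            findings.append((name, probed))
    return findings

# Constructed sample: (image name, configured format, first 512 bytes of the image).
QCOW2_HEADER = b"QFI\xfb" + struct.pack(">I", 2) + b"\x00" * 504
SAMPLE = [
    ("guest-a.img", "raw", b"\x00" * 512),
    ("guest-b.img", "raw", QCOW2_HEADER),      # raw disk whose content mimics qcow2
    ("guest-c.qcow2", "qcow2", QCOW2_HEADER),  # legitimately qcow2, not a finding
]

if __name__ == "__main__":
    for name, probed in audit(SAMPLE):
        print(f"{name}: configured raw, header probes as {probed}")
```
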
--- Begin Message ---
The xen-unstable package has been removed from the archives.


--- End Message ---
