Bug#594478: marked as done (CVE-2010-2784: insufficient constraints checking in exec.c:subpage_register())

Debian Bug Tracking System Wed, 08 Sep 2010 02:33:34 -0700

Your message dated Wed, 08 Sep 2010 09:32:28 +0000
with message-id <[email protected]>
and subject line Bug#594478: fixed in qemu-kvm 0.12.5+dfsg-3
has caused the Debian Bug report #594478,
regarding CVE-2010-2784: insufficient constraints checking in 
exec.c:subpage_register()
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
594478: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594478
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: qemu-kvm
Severity: grave
Tags: security
Justification: user security hole

This has been assigned CVE-2010-2784. Please see here for
references and a patch:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2784
http://www.spinics.net/lists/kvm/msg39173.html

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.30-ucs34-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

--- End Message ---

--- Begin Message ---

Source: qemu-kvm
Source-Version: 0.12.5+dfsg-3

We believe that the bug you reported is fixed in the latest version of
qemu-kvm, which is due to be installed in the Debian FTP archive:

kvm_0.12.5+dfsg-3_amd64.deb
  to main/q/qemu-kvm/kvm_0.12.5+dfsg-3_amd64.deb
qemu-kvm-dbg_0.12.5+dfsg-3_amd64.deb
  to main/q/qemu-kvm/qemu-kvm-dbg_0.12.5+dfsg-3_amd64.deb
qemu-kvm_0.12.5+dfsg-3.diff.gz
  to main/q/qemu-kvm/qemu-kvm_0.12.5+dfsg-3.diff.gz
qemu-kvm_0.12.5+dfsg-3.dsc
  to main/q/qemu-kvm/qemu-kvm_0.12.5+dfsg-3.dsc
qemu-kvm_0.12.5+dfsg-3_amd64.deb
  to main/q/qemu-kvm/qemu-kvm_0.12.5+dfsg-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Lübbe <[email protected]> (supplier of updated qemu-kvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 04 Sep 2010 19:29:59 +0200
Source: qemu-kvm
Binary: qemu-kvm qemu-kvm-dbg kvm
Architecture: source amd64
Version: 0.12.5+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Jan Lübbe <[email protected]>
Changed-By: Jan Lübbe <[email protected]>
Description: 
 kvm        - dummy transitional package from kvm to qemu-kvm
 qemu-kvm   - Full virtualization on x86 hardware
 qemu-kvm-dbg - Debugging info for qemu-kvm
Closes: 594478
Changes: 
 qemu-kvm (0.12.5+dfsg-3) unstable; urgency=medium
 .
   [ Michael Tokarev ]
   * CVE-2010-2784-fix-segfault-in-mmio-subpage-handling-code.diff
     (closes: #594478)
Checksums-Sha1: 
 0067759700234a077a497a8d817120f5bc96d4d2 1649 qemu-kvm_0.12.5+dfsg-3.dsc
 7eaac13783d2a2c3f01340714966bcff06a0467c 303459 qemu-kvm_0.12.5+dfsg-3.diff.gz
 6cd4ac6916b54b9b5b91e2bbd6e07acda355117e 1615734 
qemu-kvm_0.12.5+dfsg-3_amd64.deb
 e0039a247283ec81d69b52a181d34c5d281a82ab 2817298 
qemu-kvm-dbg_0.12.5+dfsg-3_amd64.deb
 fd618defe0b5566ba5231d6a61caa12dfa8ad093 11776 kvm_0.12.5+dfsg-3_amd64.deb
Checksums-Sha256: 
 29bdb33167ca7e7ea5475929b01e23531b6801df456ddeb1cca8d8bfbfdfb9e5 1649 
qemu-kvm_0.12.5+dfsg-3.dsc
 58347730d6d32229c7fec19649ac7671cf03946747a6efc8eac9e47e9207a5a6 303459 
qemu-kvm_0.12.5+dfsg-3.diff.gz
 d733789aee1db9bad31f8bee2df00981cc119963b2a088981426086ef2ddffa2 1615734 
qemu-kvm_0.12.5+dfsg-3_amd64.deb
 4eb3b545e0245e43404d67b0fc3b46895fc00c0df96040f45c30b57907f0f69e 2817298 
qemu-kvm-dbg_0.12.5+dfsg-3_amd64.deb
 aaaf0f12844b55b3e930553c7db509e2758fbb71a4ddd7ae0a37199cb70919ef 11776 
kvm_0.12.5+dfsg-3_amd64.deb
Files: 
 8cfb95e8749e642a904c1356cd0fd41b 1649 misc optional qemu-kvm_0.12.5+dfsg-3.dsc
 c529f8c9c6b18574fa97cd098e21e83f 303459 misc optional 
qemu-kvm_0.12.5+dfsg-3.diff.gz
 56113e68c31bf994b2d23f7942351921 1615734 misc optional 
qemu-kvm_0.12.5+dfsg-3_amd64.deb
 7a0234b145df692bc6612dd815370575 2817298 debug extra 
qemu-kvm-dbg_0.12.5+dfsg-3_amd64.deb
 2c8c5b38ed16b7313946a45318302fd5 11776 oldlibs extra 
kvm_0.12.5+dfsg-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyHVB4ACgkQioOL5NhIDy4VbQCgv2KptFZjSOCr/OdhpOauREyX
UkQAnRM7POym8omeBw8OU7dNBjPqhlvw
=r8l6
-----END PGP SIGNATURE-----

--- End Message ---

Bug#594478: marked as done (CVE-2010-2784: insufficient constraints checking in exec.c:subpage_register())

Reply via email to