Bug#594478: marked as done (CVE-2010-2784: insufficient constraints checking in exec.c:subpage_register())

[Debian Bug Tracking System]

Your message dated Mon, 27 Sep 2010 14:02:29 +0000
with message-id <e1p0ehl-0008tm...@franck.debian.org>
and subject line Bug#594478: fixed in kvm 72+dfsg-5~lenny6
has caused the Debian Bug report #594478,
regarding CVE-2010-2784: insufficient constraints checking in 
exec.c:subpage_register()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
594478: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594478
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: qemu-kvm
Severity: grave
Tags: security
Justification: user security hole

This has been assigned CVE-2010-2784. Please see here for
references and a patch:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2784
http://www.spinics.net/lists/kvm/msg39173.html

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.30-ucs34-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

--- End Message ---

--- Begin Message ---

Source: kvm
Source-Version: 72+dfsg-5~lenny6

We believe that the bug you reported is fixed in the latest version of
kvm, which is due to be installed in the Debian FTP archive:

kvm-source_72+dfsg-5~lenny6_all.deb
  to main/k/kvm/kvm-source_72+dfsg-5~lenny6_all.deb
kvm_72+dfsg-5~lenny6.diff.gz
  to main/k/kvm/kvm_72+dfsg-5~lenny6.diff.gz
kvm_72+dfsg-5~lenny6.dsc
  to main/k/kvm/kvm_72+dfsg-5~lenny6.dsc
kvm_72+dfsg-5~lenny6_amd64.deb
  to main/k/kvm/kvm_72+dfsg-5~lenny6_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 594...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated kvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 09 Sep 2010 11:10:32 +0400
Source: kvm
Binary: kvm kvm-source
Architecture: source all amd64
Version: 72+dfsg-5~lenny6
Distribution: stable-proposed-updates
Urgency: medium
Maintainer: Jan Lübbe <jlue...@debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Description: 
 kvm        - Full virtualization on x86 hardware
 kvm-source - Source for the KVM driver
Closes: 594478
Changes: 
 kvm (72+dfsg-5~lenny6) stable-proposed-updates; urgency=medium
 .
   * Non-maintainer upload.
   * Fix segfault in mmio subpage handling code (CVE-2010-2784)
      (closes: #594478)
Checksums-Sha1: 
 d4420678aa791c6c340a038c501239ccf605f108 1349 kvm_72+dfsg-5~lenny6.dsc
 f2a36345737d2dd7dec0022c28f1659af970b8a6 51977 kvm_72+dfsg-5~lenny6.diff.gz
 ad5dc7fa92508f6c0a23aa6b9df33ebfd7c330e2 160124 
kvm-source_72+dfsg-5~lenny6_all.deb
 7088393c20a57d069abbd60e4664ec01743463d3 1105556 kvm_72+dfsg-5~lenny6_amd64.deb
Checksums-Sha256: 
 9fa51fd012eb9a69a2ea4e30601f3e903cefd05166221f95d144cb14bcc72c2c 1349 
kvm_72+dfsg-5~lenny6.dsc
 67df96bcd629e92f33a1a070d8cd3ac5ac8cbcbd348e10880ff4ffb5230a44fe 51977 
kvm_72+dfsg-5~lenny6.diff.gz
 52c501049274bd4df462bc80683cdd9bb14d3c44df2fe48e231b4792106cba20 160124 
kvm-source_72+dfsg-5~lenny6_all.deb
 4acb583e6e93853048f2a9c661a41eb7fc676f30fbed00680a9cd2120df10733 1105556 
kvm_72+dfsg-5~lenny6_amd64.deb
Files: 
 abb9813d8f9301e7adcd1d912cff6df5 1349 misc optional kvm_72+dfsg-5~lenny6.dsc
 090910507dfc6f4c61943a9d38147355 51977 misc optional 
kvm_72+dfsg-5~lenny6.diff.gz
 2b31237495c8a849fd1e3112bcf3930b 160124 misc optional 
kvm-source_72+dfsg-5~lenny6_all.deb
 e7a1df528e0db4797b49583a91184a38 1105556 misc optional 
kvm_72+dfsg-5~lenny6_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyTUMEACgkQioOL5NhIDy7NkwCgiYPCJETrSmAMYxNqUSeLaCwZ
vl8An3aXJmKjGj4CxvNobrpjlFiUUboL
=+UVG
-----END PGP SIGNATURE-----

--- End Message ---