Your message dated Sun, 14 Jun 2015 16:04:46 +0000
with message-id <[email protected]>
and subject line Bug#788460: fixed in qemu 1.1.2+dfsg-6a+deb7u8
has caused the Debian Bug report #788460,
regarding qemu: CVE-2015-3209: heap overflow in QEMU PCNET controller (allowing
guest->host escape)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
788460: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788460
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 1.1.2+dfsg-1
Severity: grave
Tags: security upstream patch fixed-upstream
Hi Michael,
Filing a bug to have a reference to the BTS.
The following vulnerability was published for qemu.
CVE-2015-3209[0]:
heap overflow in qemu pcnet controller allowing guest to host escape
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-3209
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1225882
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1.1.2+dfsg-6a+deb7u8
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 12 Jun 2015 09:51:17 +0300
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils
Architecture: source all amd64
Version: 1.1.2+dfsg-6a+deb7u8
Distribution: wheezy-security
Urgency: high
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description:
qemu - fast processor emulator
qemu-keymaps - QEMU keyboard maps
qemu-system - QEMU full system emulation binaries
qemu-user - QEMU user mode emulation binaries
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 788460
Changes:
qemu (1.1.2+dfsg-6a+deb7u8) wheezy-security; urgency=high
.
* slirp-use-less-predictable-directory-name-in-tmp-CVE-2015-4037.patch
(Closes: CVE-2015-4037)
* pcnet-force-buffer-access-to-be-in-bounds-CVE-2015-3209.patch
with preparation bugfix pcnet-fix-negative-array-index-read.patch
from upstream (Closes: #788460 CVE-2015-3209)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---