Your message dated Wed, 23 Aug 2023 05:58:33 +0000 with message-id <e1qygsz-00gcqn...@fasolo.debian.org> and subject line Bug#1041102: fixed in qemu 1:8.1.0+ds-1~exp1 has caused the Debian Bug report #1041102, regarding qemu: CVE-2023-3019 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1041102: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041102 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: qemu X-Debbugs-CC: t...@security.debian.org Severity: normal Tags: security Hi, The following vulnerability was published for qemu. CVE-2023-3019[0]: e1000e: heap use-after-free in e1000e_write_packet_to_guest() https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59243 Proposed upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-3019 https://www.cve.org/CVERecord?id=CVE-2023-3019 Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---Source: qemu Source-Version: 1:8.1.0+ds-1~exp1 Done: Michael Tokarev <m...@tls.msk.ru> We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1041...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 23 Aug 2023 08:01:13 +0300 Source: qemu Architecture: source Version: 1:8.1.0+ds-1~exp1 Distribution: experimental Urgency: medium Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org> Changed-By: Michael Tokarev <m...@tls.msk.ru> Closes: 1041102 Changes: qemu (1:8.1.0+ds-1~exp1) experimental; urgency=medium . * new upstream release Closes: #1041102, CVE-2023-3019 (NIC DMA reentrancy issue, problem class) Closes: CVE-2021-3750 (DMA MMIO reentrancy issue, problem class) * d/watch: change repack suffix to +ds * d/patches: remove patches applied upstream * disable-xen-on-x32.patch: refresh * d/copyright: stop stripping dtc/ and meson/, removed upstream * d/rules: replace --with-git-submodules=ignore with --disable-download * d/control: build-depend on python3-venv * d/control: bump minimum meson version to 0.63.0 * d/control: build-depend on seabios & qemu-system-data for the testsuite. qemu testsuite runs qemu-system binaries which require firmware even for simple tests * d/rules: run `make check-block' after the main build, as a minimal test for now * qemu-img-omit-errno-value-in-error-message.patch fixes check-block tests on mips* where errno values are different from other architectures. * late fix for 8.1 linux-user-Adjust-brk-for-load_bias.patch Checksums-Sha1: c3da164c3e7fc6e5fc2d4c3a8255bf915160d15b 7780 qemu_8.1.0+ds-1~exp1.dsc e23f81d2e6b5869c445e2a3b44cb6b2f84e71d57 39854740 qemu_8.1.0+ds.orig.tar.xz 1804bb6ddd2a9d35e1e4935fa8be3b2b826f26d0 108176 qemu_8.1.0+ds-1~exp1.debian.tar.xz 6bedce92788fc6f82ff801c8a611d0a7566e344d 14226 qemu_8.1.0+ds-1~exp1_source.buildinfo Checksums-Sha256: 942721c336e14d423cd75d7f0ff5439053450496a12d8778aa93a45adbe174e9 7780 qemu_8.1.0+ds-1~exp1.dsc 61f6a4a89d884b467679392e0648a8ce9444927550fcd3613cf5697f42ffc053 39854740 qemu_8.1.0+ds.orig.tar.xz 83f26d70696b17e930962ba6c35fc954483b92dee250df7740fef26916ff4c32 108176 qemu_8.1.0+ds-1~exp1.debian.tar.xz eb7c66da543fa5667ef9919e640d89f3db1a23d24e7c741d60465c3e8706341d 14226 qemu_8.1.0+ds-1~exp1_source.buildinfo Files: 81f44dbabb708781f5835a116661e47f 7780 otherosfs optional qemu_8.1.0+ds-1~exp1.dsc 3db993175444c3232e8b438c8068a9e5 39854740 otherosfs optional qemu_8.1.0+ds.orig.tar.xz 74ac0dca55cf80f9200c999e57d11d0a 108176 otherosfs optional qemu_8.1.0+ds-1~exp1.debian.tar.xz 5a89a1063507240d70a8a49d874efc86 14226 otherosfs optional qemu_8.1.0+ds-1~exp1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCgAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmTllWsPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZfXQH/0UIqzlIIhxNhvfTU61nbhkBwW7Mu2u46TL+ aB4qYsfB4GLtGqjq2lOYw41exvASdVtLsTxQxwukER9J7SN+K9Am5SKZtqkPFGCA XqspvRTok30QEKV4yF1qQvgsaukmHz+OHoxqEzAJ7LNv5ABFrig2FwhqlCD+8wRm IFFhAjuZfGkM5WlDVpAhm30MaSEXJbRzdz/3BohEDfdOBbOQqb5FaGz4zRh4EX64 amcXD4g3AqrtOj1jmw2vfQRTjCmfo3smOv/hDlIVIKU7dMDGRlJ/V5D9Sqql7Ljw ObUw34/nrYOQZIUkLMkx6zM5NZ6lpbRmmB6ym/VnbMZZxJiN5vc= =17QG -----END PGP SIGNATURE-----
--- End Message ---
