Your message dated Sun, 01 Oct 2023 19:42:34 +0000
with message-id <e1qn2ko-000gxw...@fasolo.debian.org>
and subject line Bug#1051899: fixed in qemu 1:8.1.1+ds-1
has caused the Debian Bug report #1051899,
regarding qemu: CVE-2023-42467
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1051899: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051899
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2023-42467[0]:
| QEMU through 8.0.0 could trigger a division by zero in
| scsi_disk_reset in hw/scsi/scsi-disk.c because
| scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize
| from being 256. This stops QEMU and the guest immediately.
https://gitlab.com/qemu-project/qemu/-/issues/1813
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-42467
https://www.cve.org/CVERecord?id=CVE-2023-42467
Please adjust the affected versions in the BTS as needed.
--- End Message ---
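The arithmetic behind the CVE text in the report above, as an added C model that is not QEMU's code and not part of the original message. It assumes the reset path divides a sector count by blocksize / 512, as the description implies; `disk_model`, the setter names and `sectors_to_blocks` are hypothetical, and the validation policy shown is illustrative rather than the upstream patch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 512-byte sector unit (QEMU's BDRV_SECTOR_SIZE). */
#define SECTOR_SIZE 512u

/* Hypothetical stand-in for the device state: only the field the CVE names. */
struct disk_model { uint32_t blocksize; };

/* Pre-fix behaviour as the CVE describes it: guest-supplied size stored unchecked. */
static void set_blocksize_unchecked(struct disk_model *d, uint32_t requested)
{
    d->blocksize = requested;
}

/* Hardened setter (illustrative policy): reject sizes that are smaller than
 * one sector or not a whole number of sectors, leaving the old value intact. */
static bool set_blocksize_checked(struct disk_model *d, uint32_t requested)
{
    if (requested < SECTOR_SIZE || requested % SECTOR_SIZE != 0) {
        return false;
    }
    d->blocksize = requested;
    return true;
}

/* Assumed shape of the reset-path conversion from 512-byte sectors to device
 * blocks. Returns false where an unguarded division would trap (SIGFPE). */
static bool sectors_to_blocks(const struct disk_model *d, uint64_t nb_sectors,
                              uint64_t *blocks)
{
    uint32_t divisor = d->blocksize / SECTOR_SIZE; /* 256 / 512 truncates to 0 */
    if (divisor == 0) {
        return false;
    }
    *blocks = nb_sectors / divisor;
    return true;
}

int main(void)
{
    struct disk_model d = { 512 };
    uint64_t blocks = 0;
    set_blocksize_unchecked(&d, 256);
    printf("unchecked 256: conversion ok = %d\n", sectors_to_blocks(&d, 2048, &blocks));
    d.blocksize = 512;
    printf("checked 256 accepted = %d\n", set_blocksize_checked(&d, 256));
    return 0;
}
```

Validating at the point where the guest sets the value keeps the invariant in one place; the divisor check in the conversion is defence in depth.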
--- Begin Message ---
Source: qemu
Source-Version: 1:8.1.1+ds-1
Done: Michael Tokarev <m...@tls.msk.ru>
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1051...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 01 Oct 2023 22:11:24 +0300
Source: qemu
Architecture: source
Version: 1:8.1.1+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Closes: 1051899 1053172
Changes:
 qemu (1:8.1.1+ds-1) unstable; urgency=medium
 .
   * new upstream stable/bugfix release
   * remove all stable-staging/ patches, keep
     softmmu-Use-async_run_on_cpu-in-tcg_commit.patch
   * vfio-display-fix-missing-update-to-set-backing-field.patch
   * scsi-disk-disallow-small-block-sizes-CVE-2023-42467.patch
     (Closes: #1051899, CVE-2023-42467)
   * migration-qmp-Fix-crash-on-setting-tls-authz-with-nu.patch
   * d/patches/move-vl-opts/ - stop linking everything with async-teardown.c,
     un-FTBFS on ia64
   * d/control: minor: remove old todo comments
   * d/control: disable rbd (ceph) on 32bit platforms (Closes: #1053172)
   * d/control: enable rbd on riscv64 once it's built there
   * d/copyright: also remove subprojects/dtc
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---