Your message dated Mon, 28 Dec 2009 20:47:08 +0000
with message-id <1262033228.068725.2530.nullmai...@kmos.homeip.net>
and subject line Package kvm has been removed from Debian
has caused the Debian Bug report #553590,
regarding CVE-2009-3616: Multiple use-after-free vulnerabilities in vnc.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
553590: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553590
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: kvm
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kvm.
CVE-2009-3616[0]:
| Multiple use-after-free vulnerabilities in vnc.c in the VNC server in
| QEMU 0.10.6 and earlier might allow guest OS users to execute
| arbitrary code on the host OS by establishing a connection from a VNC
| client and then (1) disconnecting during data transfer, (2) sending a
| message using incorrect integer data types, or (3) using the Fuzzy
| Screen Mode protocol, related to double free vulnerabilities.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3616
http://security-tracker.debian.org/tracker/CVE-2009-3616
--- End Message ---
--- Begin Message ---
Version: 85+dfsg-4.1+rm
You filed the bug http://bugs.debian.org/553590 in Debian BTS
against the package kvm. I'm closing it at *unstable*, but it will
remain open for older distributions.
For more information about this package's removal, read
http://bugs.debian.org/562620. That bug might give the reasons why
this package was removed and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any questions.
Thank you for your contribution to Debian.
--
Marco Rodrigues
--- End Message ---