Your message dated Sat, 28 Jan 2012 19:34:17 +0000
with message-id <e1rre2t-0003gy...@franck.debian.org>
and subject line Bug#657529: fixed in qemu-kvm 0.12.5+dfsg-5+squeeze8
has caused the Debian Bug report #657529,
regarding e1000: process_tx_desc legacy mode packets heap overflow
(CVE-2012-0029)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
657529: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657529
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: qemu-kvm
Version: 0.12.5+dfsg-5+squeeze6
Severity: serious
Tags: patch security squeeze upstream sid
There is a buffer overflow in handling of network
packets transmitted from guest to qemu/kvm process
in e1000 emulated device. A malicious guest running
on a virtual machine with emulated e1000 device can
trigger a heap overflow in host process and gain
host privileges.
This is assigned CVE-2012-0029.
Both stable (squeeze) and testing/unstable versions
are affected (and actually oldstable as well, but
there, kvm package is severly broken anyway).
--- End Message ---
--- Begin Message ---
Source: qemu-kvm
Source-Version: 0.12.5+dfsg-5+squeeze8
We believe that the bug you reported is fixed in the latest version of
qemu-kvm, which is due to be installed in the Debian FTP archive:
kvm_0.12.5+dfsg-5+squeeze8_i386.deb
to main/q/qemu-kvm/kvm_0.12.5+dfsg-5+squeeze8_i386.deb
qemu-kvm-dbg_0.12.5+dfsg-5+squeeze8_i386.deb
to main/q/qemu-kvm/qemu-kvm-dbg_0.12.5+dfsg-5+squeeze8_i386.deb
qemu-kvm_0.12.5+dfsg-5+squeeze8.diff.gz
to main/q/qemu-kvm/qemu-kvm_0.12.5+dfsg-5+squeeze8.diff.gz
qemu-kvm_0.12.5+dfsg-5+squeeze8.dsc
to main/q/qemu-kvm/qemu-kvm_0.12.5+dfsg-5+squeeze8.dsc
qemu-kvm_0.12.5+dfsg-5+squeeze8_i386.deb
to main/q/qemu-kvm/qemu-kvm_0.12.5+dfsg-5+squeeze8_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 657...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu-kvm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 27 Jan 2012 00:55:42 +0400
Source: qemu-kvm
Binary: qemu-kvm qemu-kvm-dbg kvm
Architecture: source i386
Version: 0.12.5+dfsg-5+squeeze8
Distribution: stable-security
Urgency: low
Maintainer: Jan Lübbe <jlue...@debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Description:
kvm - dummy transitional package from kvm to qemu-kvm
qemu-kvm - Full virtualization on x86 hardware
qemu-kvm-dbg - Debugging info for qemu-kvm
Closes: 608756 657529
Changes:
qemu-kvm (0.12.5+dfsg-5+squeeze8) stable-security; urgency=low
.
* patch fix-vnc-memory-corruption-with-width=1440.diff from
Gerd Hoffman, fixing guest-triggerable memory corruption
in vnc with one of standard display sizes (1440x1050 or
1440x900 or others -- these can be set by guest if run
with -vga {std|vmware}. Closes: #608756.
* e1000-bounds-packet-size-against-buffer-size-CVE-2012-0029.diff
patch from upstream to fix CVE-2012-0029 (Closes: #657529)
Checksums-Sha1:
31c25dcf78b8e2f739d5abb6e035f4f39ad7056f 1814
qemu-kvm_0.12.5+dfsg-5+squeeze8.dsc
b7f05a642d2d53edfe8482a103492d65a4bcadf7 314594
qemu-kvm_0.12.5+dfsg-5+squeeze8.diff.gz
67d37585b620c5c802d100136fb13de1e9008219 1498094
qemu-kvm_0.12.5+dfsg-5+squeeze8_i386.deb
a29e8613eab42c693494bb2d2ebc911f43d6a731 2786034
qemu-kvm-dbg_0.12.5+dfsg-5+squeeze8_i386.deb
2b47eab1febfbe4f03e6230d4590a4c8265f6d33 13670
kvm_0.12.5+dfsg-5+squeeze8_i386.deb
Checksums-Sha256:
5cdf190ad64c8725bde1571866b3a9f1512c96a1633f8d1767f3a8d80bce6847 1814
qemu-kvm_0.12.5+dfsg-5+squeeze8.dsc
24959bb158de5336326e2f2b63526436bb260e4aba85654990861cb5394568d8 314594
qemu-kvm_0.12.5+dfsg-5+squeeze8.diff.gz
08d649335383c2250cdd6510fcd99067a95a4b7373846ac62791bb13f0681d19 1498094
qemu-kvm_0.12.5+dfsg-5+squeeze8_i386.deb
5efbb7dce8ee1494b0c25fc7b7946cce4363da752f33cde61795af3135760b25 2786034
qemu-kvm-dbg_0.12.5+dfsg-5+squeeze8_i386.deb
a14ef563453baa1a3c4b9b996dd6ac864744517ead34c7557a7c8a7d6131ec06 13670
kvm_0.12.5+dfsg-5+squeeze8_i386.deb
Files:
bbfec35faf093cb40cc5e795d2416d29 1814 misc optional
qemu-kvm_0.12.5+dfsg-5+squeeze8.dsc
97ebe3e15c6d33b1d33d729d69ac33de 314594 misc optional
qemu-kvm_0.12.5+dfsg-5+squeeze8.diff.gz
b3b85a0caa3ba8631cf345769ca14875 1498094 misc optional
qemu-kvm_0.12.5+dfsg-5+squeeze8_i386.deb
a8b44f09b7bbc87859d24c1d5d8b3f91 2786034 debug extra
qemu-kvm-dbg_0.12.5+dfsg-5+squeeze8_i386.deb
b42d3083083d8fbfd0924a3e6259f15c 13670 oldlibs extra
kvm_0.12.5+dfsg-5+squeeze8_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iJwEAQECAAYFAk8iwT0ACgkQUlPFrXTwyDhAcgP9E0rj7EQzjoR6eQa3vlYDCTps
tVPI0DyirXn7hYAarxLY9JeHzfgrDkolTJj+s6yqOSqVNj6hwtcHp5EUrZ2h3i0o
W2Dn+EXNpUf0zKfMx8hX8FEZdY4WkiXX2Y6Ik1v0EB5SAc63VdthxTJizR/6AdYG
Bm9KPeKBI7Eut90sU5Q=
=S3OX
-----END PGP SIGNATURE-----
--- End Message ---
