Your message dated Mon, 10 Sep 2012 10:33:18 +0000
with message-id <e1tb1is-0002rs...@franck.debian.org>
and subject line Bug#686974: fixed in qemu-kvm 1.1.2+dfsg-1
has caused the Debian Bug report #686974,
regarding VT100 emulation vulnerability (CVE-2012-3515, XSA-17)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
686974: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686974
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Version: 0.12.5+dfsg-3squeeze1
Severity: grave
Tags: security upstream patch

All versions of qemu (and qemu-kvm) since 2004 have a flaw in handling
VT100 escape sequences when emulating some devices with a virtual console
backend.

More information can be found in the Red Hat bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=851252
and in the Xen Security Advisory at http://seclists.org/oss-sec/2012/q3/381 .

This issue has been fixed in upstream version 1.1.2 (and 1.2.0),
and affects all current versions of Debian.  I'll prepare the
security fixes in the near future.

/mjt

--- End Message ---
--- Begin Message ---
Source: qemu-kvm
Source-Version: 1.1.2+dfsg-1

We believe that the bug you reported is fixed in the latest version of
qemu-kvm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 686...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu-kvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 10 Sep 2012 14:14:27 +0400
Source: qemu-kvm
Binary: qemu-kvm qemu-kvm-dbg kvm
Architecture: source amd64
Version: 1.1.2+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Michael Tokarev <m...@tls.msk.ru>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Description: 
 kvm        - dummy transitional package from kvm to qemu-kvm
 qemu-kvm   - Full virtualization on x86 hardware
 qemu-kvm-dbg - Debugging info for qemu-kvm
Closes: 685898 686524 686974
Changes: 
 qemu-kvm (1.1.2+dfsg-1) unstable; urgency=high
 .
   * urgency high due to an important security fix
   * new upstream stable/bugfix release, fixing a LOT of bugs,
     including CVE-2012-3515 (Closes: #686974, #686524)
   * remove many patches included upstream:
    - uhci:-fix-uhci_async_cancel_all.patch
    - eventfd-making-it-thread-safe.patch
    - qom-object_delete-should-unparent-the-object-first.patch
    - virtio-blk-fix-use-after-free-while-handling-scsi-commands.patch
    - ahci-Fix-ahci-cdrom-read-corruptions-for-reads-128k.patch
    - ahci-Fix-sglist-memleak-in-ahci_dma_rw_buf.patch
    - kvm-i8254-cache-kernel-clock-offset-in-KVMPITState.patch
    - kvm-i8254-finish-time-conversion-fix.patch
    - align-ram_size-to-8k-boundary.patch
   * do not ship broken /usr/share/kvm/ne2k_isa.rom symlink: it is not
     provided by ipxe-qemu and has not been used for qemu booting for a long
     time (Closes: #685898)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--- End Message ---
