Your message dated Wed, 07 May 2014 22:54:17 +0000 with message-id <e1wiajb-0002rk...@franck.debian.org> and subject line Bug#744221: fixed in qemu-kvm 0.12.5+dfsg-5+squeeze11 has caused the Debian Bug report #744221, regarding CVE-2014-0150: guest-triggerable buffer overrun in virtio-net to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 744221: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744221 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: qemu Version: 0.6.1-1 Severity: grave Tags: security patch upstream squeeze wheezy jessie sid This is a guest-triggerable buffer overrun in virtio-net device in qemu. The relevant code has been added to qemu in version 0.6, which means it is in all versions of debian. The network device is one of the most important network devices which qemu implements, so impact might be very high. Upstream commit fixing this issue: http://thread.gmane.org/gmane.comp.emulators.qemu/266713 Thanks, /mjt
--- End Message ---
--- Begin Message ---Source: qemu-kvm Source-Version: 0.12.5+dfsg-5+squeeze11 We believe that the bug you reported is fixed in the latest version of qemu-kvm, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 744...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu-kvm package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 12 Apr 2014 11:57:35 +0400 Source: qemu-kvm Binary: qemu-kvm qemu-kvm-dbg kvm Architecture: source i386 Version: 0.12.5+dfsg-5+squeeze11 Distribution: squeeze-security Urgency: high Maintainer: Jan Lübbe <jlue...@debian.org> Changed-By: Michael Tokarev <m...@tls.msk.ru> Description: kvm - dummy transitional package from kvm to qemu-kvm qemu-kvm - Full virtualization on x86 hardware qemu-kvm-dbg - Debugging info for qemu-kvm Closes: 744221 Changes: qemu-kvm (0.12.5+dfsg-5+squeeze11) squeeze-security; urgency=high . * fix guest-triggerable buffer overrun in virtio-net device (Closes: #744221 CVE-2014-0150) Checksums-Sha1: 6ad0cf0ecaa436cedac4623c2b6775b9076826ea 1992 qemu-kvm_0.12.5+dfsg-5+squeeze11.dsc 98a9ccc0d9d85af146323ec84aae886406258e93 319440 qemu-kvm_0.12.5+dfsg-5+squeeze11.diff.gz 13ca2a2a03be6a29d5e30cf978762124ae524e29 1501908 qemu-kvm_0.12.5+dfsg-5+squeeze11_i386.deb aa517ed81fb4970407baa51509b8889750ce867b 2787444 qemu-kvm-dbg_0.12.5+dfsg-5+squeeze11_i386.deb 120daefcd96b260824270224e220e30cb871c5bb 14012 kvm_0.12.5+dfsg-5+squeeze11_i386.deb Checksums-Sha256: dd594538066940fa0aa7ddeeea103a0be279dbefd4cf43dc05afd1b188b72219 1992 qemu-kvm_0.12.5+dfsg-5+squeeze11.dsc 5c38ae7358a32c3fa97f0ad8505427fa5e2acabd3e6a5f6d08380eeb4b0d280a 319440 qemu-kvm_0.12.5+dfsg-5+squeeze11.diff.gz 933f537628a8d2e5b2217b58eb8ac88a125baa53ccb019b497f77ace431b5c15 1501908 qemu-kvm_0.12.5+dfsg-5+squeeze11_i386.deb bd3914f0de51036921c088b940d0ba98e018ad1e1538412c92e7df83fce00be5 2787444 qemu-kvm-dbg_0.12.5+dfsg-5+squeeze11_i386.deb 7a10c4193c4b82dae72c6c3e3c7d3ad570854c8f1466196a8531f31516097eb6 14012 kvm_0.12.5+dfsg-5+squeeze11_i386.deb Files: 7af58d20cc5b70fb41ff321dec95950e 1992 misc optional qemu-kvm_0.12.5+dfsg-5+squeeze11.dsc 1cb446bbc1ac64f311435f7ca1ca23b8 319440 misc optional qemu-kvm_0.12.5+dfsg-5+squeeze11.diff.gz bf30eaec6ee85bd8b4b266ef9e246daf 1501908 misc optional qemu-kvm_0.12.5+dfsg-5+squeeze11_i386.deb e3160eaa45ff635156a0454767734f3e 2787444 debug extra qemu-kvm-dbg_0.12.5+dfsg-5+squeeze11_i386.deb a4b5a8b18459cbd8c7bad910555ac578 14012 oldlibs extra kvm_0.12.5+dfsg-5+squeeze11_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJTS6m0AAoJEL7lnXSkw9fbIKcIALNWSCCV3g+xxVA0fT5xvJ/h hFMNPbicY42CV21oJDYVK7ASnPj3FH5b2l1fMYYfHk308KM9U6D/XJhNujwIlcr6 S7E49PZg+wnoe9+BWkQ8XcjCqnIAFe2dif0OITy5jBe8ymWX9WDdwnaxwPKa2qcS isJjD3M1oKiM13/NBiBAOZXi7zWIaJseKTnS0aJx1SDxgUjd2gGNErhxyONr0uKY 1svCIuY9MRvfyfoXX4vjRZPmixuJDj7ibpaZynkNnxzijpXwGjdv2zpHTALCH0aP q9DuDiIuynXP66SHiX8WZjXw1OAHezh1sHZN/ICURntmCFVwvbOxVTJgllzTwC0= =EFOa -----END PGP SIGNATURE-----
--- End Message ---
