Your message dated Wed, 07 May 2014 22:53:59 +0000 with message-id <e1wiait-0002qe...@franck.debian.org> and subject line Bug#744221: fixed in qemu 0.12.5+dfsg-3squeeze4 has caused the Debian Bug report #744221, regarding CVE-2014-0150: guest-triggerable buffer overrun in virtio-net to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 744221: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744221 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: qemu Version: 0.6.1-1 Severity: grave Tags: security patch upstream squeeze wheezy jessie sid This is a guest-triggerable buffer overrun in virtio-net device in qemu. The relevant code has been added to qemu in version 0.6, which means it is in all versions of debian. The network device is one of the most important network devices which qemu implements, so impact might be very high. Upstream commit fixing this issue: http://thread.gmane.org/gmane.comp.emulators.qemu/266713 Thanks, /mjt
--- End Message ---
--- Begin Message ---Source: qemu Source-Version: 0.12.5+dfsg-3squeeze4 We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 744...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 12 Apr 2014 11:57:35 +0400 Source: qemu Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils libqemu-dev Architecture: source all i386 Version: 0.12.5+dfsg-3squeeze4 Distribution: squeeze-security Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org> Changed-By: Michael Tokarev <m...@tls.msk.ru> Description: libqemu-dev - static libraries and headers for QEMU qemu - fast processor emulator qemu-keymaps - QEMU keyboard maps qemu-system - QEMU full system emulation binaries qemu-user - QEMU user mode emulation binaries qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 744221 Changes: qemu (0.12.5+dfsg-3squeeze4) squeeze-security; urgency=high . * fix guest-triggerable buffer overrun in virtio-net device (Closes: #744221 CVE-2014-0150) Checksums-Sha1: 4609e921933995e5f30b26e9e28398f0232228ef 2310 qemu_0.12.5+dfsg-3squeeze4.dsc f78bc7d8779e32cee109297b36eaff62e72bffc3 48460 qemu_0.12.5+dfsg-3squeeze4.diff.gz 625513b4e4ac19baad21e1d3a9e3595271d7a9ed 48598 qemu-keymaps_0.12.5+dfsg-3squeeze4_all.deb f7ceb986b51b41c708f4323be018e1a1ab0a3e40 106458 qemu_0.12.5+dfsg-3squeeze4_i386.deb 17b77d8ffc4777d370ca5dd0260a600e86815562 12294154 qemu-system_0.12.5+dfsg-3squeeze4_i386.deb 429b2b9bef7f753ae4f85c9e26ee9195d7577a99 4208568 qemu-user_0.12.5+dfsg-3squeeze4_i386.deb a9f8efe6f1575686fe1020e368d7e9ca5cc91cbd 8889528 qemu-user-static_0.12.5+dfsg-3squeeze4_i386.deb 464f195f0cc880087d533fecead2044267962bc8 367172 qemu-utils_0.12.5+dfsg-3squeeze4_i386.deb cb8b1acead211f4a906b6da56708f4c0b51da3b4 5018416 libqemu-dev_0.12.5+dfsg-3squeeze4_i386.deb Checksums-Sha256: f3f5064fcd73005975097c9b27c19f43ae67ccb443873bae6fdf0e656635a6fd 2310 qemu_0.12.5+dfsg-3squeeze4.dsc b5c63d3bfbc17e082ab0ea8789d95c417708de5665df0b85b4f3501912fa6f64 48460 qemu_0.12.5+dfsg-3squeeze4.diff.gz 24dcf9fd97ce77b06aadb6c850d43dd21799c511ab5442214c1e2bd98a4b84e4 48598 qemu-keymaps_0.12.5+dfsg-3squeeze4_all.deb f8d80af257281817e98bd32b791e33063b2cb6c06b943b43e96891d78c06a0a3 106458 qemu_0.12.5+dfsg-3squeeze4_i386.deb a686f43aef501937e5c0ec784b3f674fb5c41460bd7bb5abffde2f3f17be0308 12294154 qemu-system_0.12.5+dfsg-3squeeze4_i386.deb d2bfcf3e7f494e74748cd197ebe0f787c6a61cd8d6003073c8fa62f159d18165 4208568 qemu-user_0.12.5+dfsg-3squeeze4_i386.deb 37f562d60f41d2d4e4addd9e9fb2ab526a6b7666cb793fee0a2daec43a754da4 8889528 qemu-user-static_0.12.5+dfsg-3squeeze4_i386.deb d0d057056873db43e039cac05dc24c51aeaa3333710ae03bebb4747493b193cd 367172 qemu-utils_0.12.5+dfsg-3squeeze4_i386.deb 732765d9786e56c047ff279d4dd7cf877a769ee45d56680f57523ddaa7cf04a2 5018416 libqemu-dev_0.12.5+dfsg-3squeeze4_i386.deb Files: a1f29e8ce0ee8f4442f107e015ba5275 2310 misc optional qemu_0.12.5+dfsg-3squeeze4.dsc 2724a20df7683bf25c66ce1f8fa7c679 48460 misc optional qemu_0.12.5+dfsg-3squeeze4.diff.gz 155b116778bae5216f2e7e163d6d520b 48598 misc optional qemu-keymaps_0.12.5+dfsg-3squeeze4_all.deb 18085a0c3ad6cb42b5474515ec581fda 106458 misc optional qemu_0.12.5+dfsg-3squeeze4_i386.deb 4941628c963f0ad18e79a9232c2686cb 12294154 misc optional qemu-system_0.12.5+dfsg-3squeeze4_i386.deb b6445ae144eb2da59f918c997a5de6a3 4208568 misc optional qemu-user_0.12.5+dfsg-3squeeze4_i386.deb 9e69ea5b5ebf3cd2fa7ac13aed50b663 8889528 misc optional qemu-user-static_0.12.5+dfsg-3squeeze4_i386.deb cb6326ecd4a8c25f2894d2ffaa23896d 367172 misc optional qemu-utils_0.12.5+dfsg-3squeeze4_i386.deb 428b86549b45089d12ca68c6235f7bce 5018416 libdevel optional libqemu-dev_0.12.5+dfsg-3squeeze4_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJTS6myAAoJEL7lnXSkw9fbjbEH/RguGk7skYKdPcTEyG4DioPF 3gFGyFqD11FcXtwndhD/oBvs8HUOe4ERP2JbXbfqUEFsu3c2MBiaCIiJJvS/MtcJ FRAgtpIy9G+NXMBGF+R5BgqTMeX+Xl4fF3Km98DzqGIdyH18njausM5Ly32oNpzB d8sTqOzJW1fqyIWW8v+yV/PwObrDIBgUKG+OIFaVCD2kVYYVHx+0rQ/icTeFDw6U xJY2oX0u0c71LfNeEJ7SHw83Yo6uyzyx0BiDVmaDXjmFISTPIIa3Xi3RGej/uPiQ /n/UD6ymK2FS0XMmqgak+lp6ZU5ziihfirbDi3amGabx3i0TZNZyWiz00kYHrQc= =tgRb -----END PGP SIGNATURE-----
--- End Message ---
