Bug#772025: marked as done (CVE-2014-8106: cirrus: insufficient blit region checks)

[Debian Bug Tracking System]

Your message dated Thu, 04 Dec 2014 15:22:21 +0000
with message-id <e1xwyex-00051y...@franck.debian.org>
and subject line Bug#772025: fixed in qemu 2.1+dfsg-9
has caused the Debian Bug report #772025,
regarding CVE-2014-8106: cirrus: insufficient blit region checks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
772025: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772025
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: qemu-system, qemu-kvm
Version: 1.1.2+dfsg-1
Severity: critical
Tags: security patch upstream fixed-upstream

There's a CVE-2014-8106 reported against qemu.
The prob exists in earlier versions of qemu too,
affecting stable (wheezy) release as well.

/mjt

--- End Message ---

--- Begin Message ---

Source: qemu
Source-Version: 2.1+dfsg-9

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 772...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 04 Dec 2014 00:10:43 +0300
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm 
qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user 
qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 2.1+dfsg-9
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 772025
Changes:
 qemu (2.1+dfsg-9) unstable; urgency=high
 .
   * apply upstream patches for CVE-2014-8106
     (cirrus: insufficient blit region checks)
     (Closes: #772025 CVE-2014-8106)
Checksums-Sha1:
 5d7e85048c6f8db837e99c28952e2f63675d9bf7 5152 qemu_2.1+dfsg-9.dsc
 5ad90b3e52ee83bc3aee083d6a813d0e2c0847b7 88320 qemu_2.1+dfsg-9.debian.tar.xz
Checksums-Sha256:
 cb45d50718e7eb6d5c789ca8ca3028ceb8dca03107e020ef3d53010caf491729 5152 
qemu_2.1+dfsg-9.dsc
 794b103a69569b17bac273686eacffd9c4bf46ad0b8e4e2a90f83904a0d844eb 88320 
qemu_2.1+dfsg-9.debian.tar.xz
Files:
 8bfa4ce0c7385d5f5f961c94fe4c0c13 5152 otherosfs optional qemu_2.1+dfsg-9.dsc
 83eed0ec3aaa2e4b62a5d198dc12c9cc 88320 otherosfs optional 
qemu_2.1+dfsg-9.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJUgHd5AAoJEL7lnXSkw9fbQswH/3Br8WiyqLYL7SxQaj/kkMdC
9ioLbq+g4YqxRR/FjTYzzZQfit4tCFglyEsIU+sGjGR5s/9Tckde38Z24as/HVsA
U8S8O0SXade/gB2v4wKpzNCrEU9aMTq1Kh9B2HKd/Q3Tu6zwLZVNSgdyooqd6i3g
cv3/RT0csZcyQkw+jEWbWSdhR1+ymrKbCgxJTD11wCd25W0faojDe9FnFvVkHH1s
2rshJgeNWZXjU9iYxZnxohJdpet63caD9nStVz9ouwbyj6AW+BXgeeweED7j0NmW
ME7tgH0KKoy9BjC6fkpwIrFDA4fAC2gIxTYLUuHNcAvUxk7IyTFfSOsjCMjCpNc=
=mEBZ
-----END PGP SIGNATURE-----

--- End Message ---