Your message dated Mon, 31 Aug 2015 15:44:08 +0000 with message-id <e1zwrfg-0004bv...@franck.debian.org> and subject line Bug#796465: fixed in qemu 1:2.4+dfsg-1a has caused the Debian Bug report #796465, regarding qemu: CVE-2015-5225: ui: vnc: heap memory corruption in vnc_refresh_server_surface to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 796465: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796465 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: qemu Version: 1:2.1+dfsg-1 Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for qemu. CVE-2015-5225[0]: ui: vnc: heap memory corruption in vnc_refresh_server_surface If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-5225 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1255896 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: qemu Source-Version: 1:2.4+dfsg-1a We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 796...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 31 Aug 2015 16:28:08 +0300 Source: qemu Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm libcacard0 libcacard-dev libcacard-tools Architecture: source Version: 1:2.4+dfsg-1a Distribution: unstable Urgency: medium Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org> Changed-By: Michael Tokarev <m...@tls.msk.ru> Description: libcacard-dev - Virtual Common Access Card (CAC) Emulator (development files) libcacard-tools - Virtual Common Access Card (CAC) Emulator (tools) libcacard0 - Virtual Common Access Card (CAC) Emulator (runtime library) qemu - fast processor emulator qemu-block-extra - extra block backend modules for qemu-system and qemu-utils qemu-guest-agent - Guest-side qemu-system agent qemu-kvm - QEMU Full virtualization on x86 hardware qemu-system - QEMU full system emulation binaries qemu-system-arm - QEMU full system emulation binaries (arm) qemu-system-common - QEMU full system emulation binaries (common files) qemu-system-mips - QEMU full system emulation binaries (mips) qemu-system-misc - QEMU full system emulation binaries (miscelaneous) qemu-system-ppc - QEMU full system emulation binaries (ppc) qemu-system-sparc - QEMU full system emulation binaries (sparc) qemu-system-x86 - QEMU full system emulation binaries (x86) qemu-user - QEMU user mode emulation binaries qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 793388 793811 793817 794610 794611 795087 795461 796465 Changes: qemu (1:2.4+dfsg-1a) unstable; urgency=medium . * new upstream (2.4.0) release Closes: #795461, #793811, #794610, #795087, #794611, #793388 CVE-2015-3214 CVE-2015-5154 CVE-2015-5165 CVE-2015-5745 CVE-2015-5166 CVE-2015-5158 Closes: #793817 * removed all upstreamed patches * remove --enable-vnc-ws option (not used anymore) * update mjt-set-oem-in-rsdt-like-slic.diff * vnc-fix-memory-corruption-CVE-2015-5225.patch from upstream Closes: #796465 CVE-2015-5225 * remove now-unused /etc/qemu/target-x86_64.conf Checksums-Sha1: 3cfe8483bfc42ab0a71f7c4993c80a46c423a973 6044 qemu_2.4+dfsg-1a.dsc 50abfe59be072820e933e68f049844f8e4d41822 5847444 qemu_2.4+dfsg.orig.tar.xz 0000fa25a4d795123d2f0fd623569533d43b02e5 62084 qemu_2.4+dfsg-1a.debian.tar.xz Checksums-Sha256: 9110dcb593a324701dca6328616097206a25b5b06d31742ae762f9610591a910 6044 qemu_2.4+dfsg-1a.dsc fac42371926deac8a2e64ff7d36d483d524841a88e9d96f5f8f8f796a50e3595 5847444 qemu_2.4+dfsg.orig.tar.xz 532c24fc19df15731bacaf3e4cfd90d6d0b6cad9c2541fc80b7b628e9ced5b38 62084 qemu_2.4+dfsg-1a.debian.tar.xz Files: 4df20832a6ebaed264ab9e9e07274424 6044 otherosfs optional qemu_2.4+dfsg-1a.dsc 0b1db74f432a8b3bd9b6b0d07c8f3cc1 5847444 otherosfs optional qemu_2.4+dfsg.orig.tar.xz 2a0c7d279425626358d2abcef4bf6773 62084 otherosfs optional qemu_2.4+dfsg-1a.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJV5FsQAAoJEL7lnXSkw9fbVnUIAKBB3pX6sz5HHP0K3aSilyJx Guy+bOgPGVp5V6pumpqjnrbzTcfuoCjtdH6j6cqFwBqRNtWeZ3EabVZgIVv6AkD+ R6y+C2Nhi0LssZbNGJdkLemv9UFkIdAwMrJKiMqnT+aWkRo1dCR2SGLXXh+ZPoCb CxcPF5aYdkGfyiHP3pxzRZSt+6fp4+mEGvdOP61u+mma2MwkLwdEhwIhOYVxsGiQ kFcR8ALEILj0b4znt8L6LsCjEJ/WkgTOCAkk+xzcyRIs6oavzYR+y0oVfNaVLtZ/ MIoRI8pOAJ2HBiYwMJXG5wWpfpH3/tVYPtuMffWKgHM9ynC1zt79z8VLYCVzqa8= =s/3S -----END PGP SIGNATURE-----
--- End Message ---
