Your message dated Sun, 06 Sep 2015 22:19:24 +0000 with message-id <e1zyihu-0006ak...@franck.debian.org> and subject line Bug#793811: fixed in qemu 1:2.1+dfsg-12+deb8u2 has caused the Debian Bug report #793811, regarding qemu: CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 793811: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793811 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: qemu Version: 1.5.0+dfsg-1 Severity: grave Tags: security upstream Hi, the following vulnerability was published for qemu. CVE-2015-5154[0]: QEMU heap overflow flaw while processing certain ATAPI commands If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-5154 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1243563 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: qemu Source-Version: 1:2.1+dfsg-12+deb8u2 We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 793...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated qemu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 29 Aug 2015 16:12:31 +0200 Source: qemu Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm Architecture: source Version: 1:2.1+dfsg-12+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 793811 794610 795087 795461 796465 Description: qemu - fast processor emulator qemu-guest-agent - Guest-side qemu-system agent qemu-kvm - QEMU Full virtualization on x86 hardware qemu-system - QEMU full system emulation binaries qemu-system-arm - QEMU full system emulation binaries (arm) qemu-system-common - QEMU full system emulation binaries (common files) qemu-system-mips - QEMU full system emulation binaries (mips) qemu-system-misc - QEMU full system emulation binaries (miscelaneous) qemu-system-ppc - QEMU full system emulation binaries (ppc) qemu-system-sparc - QEMU full system emulation binaries (sparc) qemu-system-x86 - QEMU full system emulation binaries (x86) qemu-user - QEMU user mode emulation binaries qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Changes: qemu (1:2.1+dfsg-12+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Add 0001-i8254-fix-out-of-bounds-memory-access-in-pit_ioport_.patch patch. CVE-2015-3214: i8254: out-of-bounds memory access in pit_ioport_read function. (Closes: #795461) * Add patches to address heap overflow when processing ATAPI commands. CVE-2015-5154: heap overflow during I/O buffer memory access. (Closes: #793811) * Add CVE-2015-5225.patch patch. CVE-2015-5225: vnc: heap memory corruption in vnc_refresh_server_surface. (Closes: #796465) * Add 0001-virtio-serial-fix-ANY_LAYOUT.patch patch. CVE-2015-5745: buffer overflow in virtio-serial. (Closes: #795087) * Add patches for CVE-2015-5165. CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest. (Closes: #794610) Checksums-Sha1: ac15c1363023106bbf9f73d7f9a7d5a8b212b78d 5520 qemu_2.1+dfsg-12+deb8u2.dsc a11f28854b972f71bb5e5eebe0da55bc82f23cfd 112728 qemu_2.1+dfsg-12+deb8u2.debian.tar.xz Checksums-Sha256: 254db070d83650461ae37dc470346304209d0065fea6852479378344bac92e7f 5520 qemu_2.1+dfsg-12+deb8u2.dsc 96f8859ab1e020b92e48000a90d06ee1e7d8f044acfa6666d715250100b417bc 112728 qemu_2.1+dfsg-12+deb8u2.debian.tar.xz Files: a23f7c6041f858efc24ba57b49869e25 5520 otherosfs optional qemu_2.1+dfsg-12+deb8u2.dsc 0075b321bff7879126a7282c081673d2 112728 otherosfs optional qemu_2.1+dfsg-12+deb8u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJV4cjiAAoJEAVMuPMTQ89E+0EP/1IMxmuGwUSoeBVNKKl4weMx w7RFN4OtpMAK2ZbLESBRLTP0N1EH0xfqv7r5Snu0bcwG+26Zz1UwcEi+AZpSW2gd fYKzWorz8pCdMiSsDv0gGLfzk7xf264zhCxciyagI0r8blVQpiS9ebj/jwY6/RtS XtiPGQb10GmMeZzjy1s4ZZsiatIi8CdFh8yZMu4UKdAIfkzgIbNaExdY70jX01S+ pts7gBqET5aYlhKxKJT+6bNIXbGe2DiDZDHcqIuci7TLLJ/OFQCxtJlntkoo6qX0 FdaKHoGfs9TnKUpl0+nBlWzSzhjHMwDVolGOTVZ+uy4SPlh7UZmyMtnDeaADTuUw F3OnlohyFfzMoPLp6IAucc+tlKFYc7nKMhLHBCKMjPQxVy7HF/VwboD4tGb1lQvz uL1gK3aYz5AMou+q4yPeiLwh2tVgwrrkb4hRBqMt+/kM6nzoejdcQsqLfG7aRJGn NyOA5Cr6eCKDl+nym6jIq0PkCqhuDzgfNfWIGv323DIFE6aljNrwGwbQwAGg+rgM qnxZXjyAChHOIHBQbddA5htL90ERcc7+DH2hHaFG776MQ33FVQY9dS7JS1jLl2ty dZrMZ62azcq2FyQmg1xeel39qbpBAYiU/wWomSIbCat+yy0mqe1kcwBFY0JlnXEq ZFACMxr1PX7mQc+pO3of =U3/8 -----END PGP SIGNATURE-----
--- End Message ---
