Your message dated Wed, 10 Feb 2016 22:17:13 +0000 with message-id <e1atd4t-0000mq...@franck.debian.org> and subject line Bug#808130: fixed in qemu 1:2.1+dfsg-12+deb8u5 has caused the Debian Bug report #808130, regarding CVE-2015-8504: vnc floating point exception to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 808130: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808130 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: qemu Version: 1:2.1+dfsg-12 Severity: important Tags: security upstream patch fixed-upstream There's a floating point exception in qemu-system vnc server, being tracked as CVE-2015-8504. Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3
--- End Message ---
--- Begin Message ---Source: qemu Source-Version: 1:2.1+dfsg-12+deb8u5 We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 808...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 01 Feb 2016 23:32:49 +0300 Source: qemu Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm Architecture: source Version: 1:2.1+dfsg-12+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org> Changed-By: Michael Tokarev <m...@tls.msk.ru> Description: qemu - fast processor emulator qemu-guest-agent - Guest-side qemu-system agent qemu-kvm - QEMU Full virtualization on x86 hardware qemu-system - QEMU full system emulation binaries qemu-system-arm - QEMU full system emulation binaries (arm) qemu-system-common - QEMU full system emulation binaries (common files) qemu-system-mips - QEMU full system emulation binaries (mips) qemu-system-misc - QEMU full system emulation binaries (miscelaneous) qemu-system-ppc - QEMU full system emulation binaries (ppc) qemu-system-sparc - QEMU full system emulation binaries (sparc) qemu-system-x86 - QEMU full system emulation binaries (x86) qemu-user - QEMU user mode emulation binaries qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 799452 806373 806741 806742 808130 808131 808144 808145 809229 809232 810519 810527 811201 Changes: qemu (1:2.1+dfsg-12+deb8u5) jessie-security; urgency=high . * applied 3 patches from upstream to fix virtio-net possible remote DoS (Closes: #799452 CVE-2015-7295) * pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch (Closes: #806742, CVE-2015-7504) * pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch (Closes: #806741, CVE-2015-7512) * msix-implement-pba-write-but-read-only-CVE-2015-7549.patch (Closes: #808131, CVE-2015-7549) * eepro100-prevent-two-endless-loops-CVE-2015-8345.patch (Closes: #806373, CVE-2015-8345) * vnc-avoid-floating-point-exception-CVE-2015-8504.patch (Closes: #808130, CVE-2015-8504) * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch (Closes: #808144, CVE-2015-8558) * two upstream patches from xsa-155 fixing unsafe shared memory access in xen (Closes: #809229, CVE-2015-8550) * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch (Closes: #810519, CVE-2015-8743) * net-vmxnet3-avoid-memory-leakage-in-activate_device-[...].patch (Closes: #808145, CVE-2015-8567, CVE-2015-8568) * scsi-initialise-info-object-with-appropriate-size-CVE-2015-8613.patch (Closes: #809232, CVE-2015-8613) * vmxnet3-refine-l2-header-validation-CVE-2015-8744.patch (Closes: CVE-2015-8744) * vmxnet3-support-reading-IMR-registers-on-bar0-CVE-2015-8745.patch (Closes: CVE-2015-8745) * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch (Closes: #810527, CVE-2016-1568) * fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch (Closes: CVE-2016-1714) * i386-avoid-null-pointer-dereference-CVE-2016-1922.patch (Closes: #811201, CVE-2016-1922) Checksums-Sha1: e83e863c38e418b2623c6700b13c8c4c4f6e7eb9 5174 qemu_2.1+dfsg-12+deb8u5.dsc 54a39c8e48b1b1e7d39beeeb7eb9fc554623897f 127544 qemu_2.1+dfsg-12+deb8u5.debian.tar.xz Checksums-Sha256: 5ab190585d859a94c3aee7397c6c54a3f9c9169fbee45a694d33962b2af9b62f 5174 qemu_2.1+dfsg-12+deb8u5.dsc 938be4ec654e623b0ad783eba71b951d7c92f98f803a1671e27de896d7009beb 127544 qemu_2.1+dfsg-12+deb8u5.debian.tar.xz Files: e51c9efc7305e91cf03a6c5f6b4f49d4 5174 otherosfs optional qemu_2.1+dfsg-12+deb8u5.dsc ab8611a4548efcb3c4c0aca8ab64590a 127544 otherosfs optional qemu_2.1+dfsg-12+deb8u5.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWr8SBAAoJEL7lnXSkw9fbzYcH/RA8b2ogrYlEKYvYtcPn6gC2 27WWqxQ4Rkiaja61msNJvsnYFIMOh/HuFGDbXQoewV064I7AltnjNCwSSTs4vPTn hEZeN2C7tEsW9vQ/O85Xb7g8ZVPxov6hsfF9U/k0OIi84kZp8Vgj5JkJV5Sp1XFL YrLB8GnMO4AojP5S904mIMTjpB0OfitPUNo29r8Ppce+Wr+s35gPja7iGp+hFwyE h9x+e//tqMtuj3TNrfhkbnF4rUgOyvmm7T79GY2Ma5vgjMGU9ZT+I6Jl8DsyWMAd U3AkhMP3K8+86gKPnDoFpleIZeL7u74R5px586BzAQOn2fl1e8JgytUVE4QCV4A= =l7aU -----END PGP SIGNATURE-----
--- End Message ---
