Bug#808130: marked as done (CVE-2015-8504: vnc floating point exception)

[Debian Bug Tracking System]

Your message dated Wed, 10 Feb 2016 22:17:50 +0000
with message-id <e1atd54-0000p2...@franck.debian.org>
and subject line Bug#808130: fixed in qemu 1:2.1+dfsg-12+deb8u5a
has caused the Debian Bug report #808130,
regarding CVE-2015-8504: vnc floating point exception
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
808130: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808130
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: qemu
Version: 1:2.1+dfsg-12
Severity: important
Tags: security upstream patch fixed-upstream

There's a floating point exception in qemu-system vnc server,
being tracked as CVE-2015-8504.  Upstream commit:

http://git.qemu.org/?p=qemu.git;a=commit;h=4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3

--- End Message ---

--- Begin Message ---

Source: qemu
Source-Version: 1:2.1+dfsg-12+deb8u5a

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 808...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 08 Feb 2016 10:33:30 +0300
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm 
qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user 
qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.1+dfsg-12+deb8u5a
Distribution: jessie-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 799452 806373 806741 806742 808130 808131 808144 808145 809229 809232 
809237 810519 810527 811201 812307
Changes:
 qemu (1:2.1+dfsg-12+deb8u5a) jessie-security; urgency=high
 .
   * applied 3 patches from upstream to fix virtio-net
     possible remote DoS (Closes: #799452 CVE-2015-7295)
   * pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch
     (Closes: #806742, CVE-2015-7504)
   * pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch
     (Closes: #806741, CVE-2015-7512)
   * msix-implement-pba-write-but-read-only-CVE-2015-7549.patch
     (Closes: #808131, CVE-2015-7549)
   * eepro100-prevent-two-endless-loops-CVE-2015-8345.patch
     (Closes: #806373, CVE-2015-8345)
   * vnc-avoid-floating-point-exception-CVE-2015-8504.patch
     (Closes: #808130, CVE-2015-8504)
   * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch
     (Closes: #808144, CVE-2015-8558)
   * two upstream patches from xsa-155 fixing unsafe shared memory access in xen
     (Closes: #809229, CVE-2015-8550)
   * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch
     (Closes: #810519, CVE-2015-8743)
   * net-vmxnet3-avoid-memory-leakage-in-activate_device-[...].patch
     (Closes: #808145, CVE-2015-8567, CVE-2015-8568)
   * scsi-initialise-info-object-with-appropriate-size-CVE-2015-8613.patch
     (Closes: #809232, CVE-2015-8613)
   * vmxnet3-refine-l2-header-validation-CVE-2015-8744.patch
     (Closes: CVE-2015-8744)
   * vmxnet3-support-reading-IMR-registers-on-bar0-CVE-2015-8745.patch
     (Closes: CVE-2015-8745)
   * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch
     (Closes: #810527, CVE-2016-1568)
   * fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch
     (Closes: CVE-2016-1714)
   * i386-avoid-null-pointer-dereference-CVE-2016-1922.patch
     (Closes: #811201, CVE-2016-1922)
   * e1000-eliminate-infinite-loops-on-out-of-bounds-start-CVE-2016-1981.patch
     (Closes: #812307, CVE-2016-1981)
   * hmp-fix-sendkey-out-of-bounds-write-CVE-2015-8619.patch
     (Closes: #809237, CVE-2015-8619)
Checksums-Sha1:
 98393c6d4d972757e6a15b457b4904536a92ca3f 5176 qemu_2.1+dfsg-12+deb8u5a.dsc
 a5928d53f352ec549837ba63f55c5d52341999be 128076 
qemu_2.1+dfsg-12+deb8u5a.debian.tar.xz
 d96b963059051a0941213cad62d8b6f61316d56c 122694 
qemu_2.1+dfsg-12+deb8u5a_amd64.deb
 542fde82530914515f19f0f042bac8eaa23e20c9 51930 
qemu-system_2.1+dfsg-12+deb8u5a_amd64.deb
 40fa761909e8a021db40334df486cd2f8c4de3e5 281718 
qemu-system-common_2.1+dfsg-12+deb8u5a_amd64.deb
 390417db23daeef6f5f6d3ba04678c6cd002edf6 5198408 
qemu-system-misc_2.1+dfsg-12+deb8u5a_amd64.deb
 5e88681a3ea2e9ff9efca27b577509633ac3b7a0 2231682 
qemu-system-arm_2.1+dfsg-12+deb8u5a_amd64.deb
 634f0ed0c7bcf2382986487d0d3e1c3bb85e4fd7 2553396 
qemu-system-mips_2.1+dfsg-12+deb8u5a_amd64.deb
 e23e74a457a77294e8b352a41d52370f2540e126 2831746 
qemu-system-ppc_2.1+dfsg-12+deb8u5a_amd64.deb
 01f345932dc38a48c321fddb4bd7b8e9afb05027 1668400 
qemu-system-sparc_2.1+dfsg-12+deb8u5a_amd64.deb
 0956ce514ae60d1c9719b5b1603994acfa180c2a 2044598 
qemu-system-x86_2.1+dfsg-12+deb8u5a_amd64.deb
 ec29c3080f143940fd1ead9a7f0afd8c4ae18468 4890826 
qemu-user_2.1+dfsg-12+deb8u5a_amd64.deb
 ab78e3a696a5f45b0124bd7656fae0c62e8a24a3 6897096 
qemu-user-static_2.1+dfsg-12+deb8u5a_amd64.deb
 09db7d2562f837c63d69c9cb1cc34a5a82f2dbc9 2888 
qemu-user-binfmt_2.1+dfsg-12+deb8u5a_amd64.deb
 9ae42be909bfc7d300116437360207edbefdfd29 482032 
qemu-utils_2.1+dfsg-12+deb8u5a_amd64.deb
 22bd2658155dfac41eec7cab0cdca0f41c05fc25 136226 
qemu-guest-agent_2.1+dfsg-12+deb8u5a_amd64.deb
 fc9df80dc40eb7e9fc4b966194a3d2f1cf70f0b9 52592 
qemu-kvm_2.1+dfsg-12+deb8u5a_amd64.deb
Checksums-Sha256:
 98fa7600ac3de587dde19cafcc1e3fc4b87fa12c98fcfc250d53d6dea6bcc5a4 5176 
qemu_2.1+dfsg-12+deb8u5a.dsc
 82a3ca376b1b1fe54fe8f9b2cdd5c011bf48d4c0f1e53477c2f29eb38e3e4112 128076 
qemu_2.1+dfsg-12+deb8u5a.debian.tar.xz
 3e0575a19148799c0a3eff042de7cf646a11a49c941e7a2af027697355b5dd27 122694 
qemu_2.1+dfsg-12+deb8u5a_amd64.deb
 62db8ac185f8f694b7a9cd3343617a520cf1981458c3c8ed0c3466ac764ec422 51930 
qemu-system_2.1+dfsg-12+deb8u5a_amd64.deb
 65cc97dac7b417459c8e9ee5013eff3516eb733f115539d20a70f7190e34e842 281718 
qemu-system-common_2.1+dfsg-12+deb8u5a_amd64.deb
 e6764676a7c333ac2ccf037e4b70618750a8602cde8adbe9bc3cd4a036e361fb 5198408 
qemu-system-misc_2.1+dfsg-12+deb8u5a_amd64.deb
 82cdd916405f704ea9bae209719033c7cc484c337d762cfb148cb115b1b91d10 2231682 
qemu-system-arm_2.1+dfsg-12+deb8u5a_amd64.deb
 371780bb36295143440a10c48434d6469edeb045f5c346d91c30b8d09161dfdf 2553396 
qemu-system-mips_2.1+dfsg-12+deb8u5a_amd64.deb
 1f5f23f61e8016cc73302c8421d5465e4be9876c6ce72128c606db0ab27ee3b2 2831746 
qemu-system-ppc_2.1+dfsg-12+deb8u5a_amd64.deb
 90fc055d05be115e37f9c542e08d0689a43807dec10897b321159865b0bcf596 1668400 
qemu-system-sparc_2.1+dfsg-12+deb8u5a_amd64.deb
 7af57abc1b3eba441e8101bb96e4680d394d8412b17678eef70fc36dcfcff4dd 2044598 
qemu-system-x86_2.1+dfsg-12+deb8u5a_amd64.deb
 15ff18405155818c81398ce49b50cdbb2d4be0613c7cdae05fe921f482535604 4890826 
qemu-user_2.1+dfsg-12+deb8u5a_amd64.deb
 6d76c5363d86a53f5c5068fc8fd7b86f6660a32d183716306b2753102306ee1f 6897096 
qemu-user-static_2.1+dfsg-12+deb8u5a_amd64.deb
 5c0171034764c277511101405a2d7fc872dc60cef7a28e485869a5489939692f 2888 
qemu-user-binfmt_2.1+dfsg-12+deb8u5a_amd64.deb
 8eb7783bd4c5a61464bf4a81887790f838065f2cbb3e73333399d8a1d5a9e76c 482032 
qemu-utils_2.1+dfsg-12+deb8u5a_amd64.deb
 471c752e2b8ac47488b169130740095c9e3ad4906b2f92ad2639184ac4d1c917 136226 
qemu-guest-agent_2.1+dfsg-12+deb8u5a_amd64.deb
 da7f34f13daf1744fdc7f9b51edd7b970ea5609b16bb8494701195cf2cfb9c83 52592 
qemu-kvm_2.1+dfsg-12+deb8u5a_amd64.deb
Files:
 44e143ee56afc22dffb491f3b335cba3 5176 otherosfs optional 
qemu_2.1+dfsg-12+deb8u5a.dsc
 b441926dec67df02d6194effce9a749e 128076 otherosfs optional 
qemu_2.1+dfsg-12+deb8u5a.debian.tar.xz
 1ffe86a2fced4b3a2b0bad3b8bad605f 122694 otherosfs optional 
qemu_2.1+dfsg-12+deb8u5a_amd64.deb
 ed46bd5bd05618b4290f587a50e8f2af 51930 otherosfs optional 
qemu-system_2.1+dfsg-12+deb8u5a_amd64.deb
 3c3b5e1d3cf942b52ac3771594f13e0c 281718 otherosfs optional 
qemu-system-common_2.1+dfsg-12+deb8u5a_amd64.deb
 2b86a05b0aa2e5a0bf87e7480b9eecd5 5198408 otherosfs optional 
qemu-system-misc_2.1+dfsg-12+deb8u5a_amd64.deb
 7a46975c95639075da833fd35c1b9394 2231682 otherosfs optional 
qemu-system-arm_2.1+dfsg-12+deb8u5a_amd64.deb
 9723275929411168331a730805266b23 2553396 otherosfs optional 
qemu-system-mips_2.1+dfsg-12+deb8u5a_amd64.deb
 c168ca70082f88046a1a3c3f7a83cce3 2831746 otherosfs optional 
qemu-system-ppc_2.1+dfsg-12+deb8u5a_amd64.deb
 6bb485fd5ee4784d94ca5c3e178f61ac 1668400 otherosfs optional 
qemu-system-sparc_2.1+dfsg-12+deb8u5a_amd64.deb
 051a6a9e9fba93af38a27b3e6bd6b64c 2044598 otherosfs optional 
qemu-system-x86_2.1+dfsg-12+deb8u5a_amd64.deb
 ab193a8e1742d8380ea6a35127c99cd6 4890826 otherosfs optional 
qemu-user_2.1+dfsg-12+deb8u5a_amd64.deb
 0489e816f32dc50a7f8f4d7a79e741b1 6897096 otherosfs optional 
qemu-user-static_2.1+dfsg-12+deb8u5a_amd64.deb
 b41437f4cdcf07e2a8137a7ce92c4522 2888 otherosfs optional 
qemu-user-binfmt_2.1+dfsg-12+deb8u5a_amd64.deb
 0bbb16549689e5397e3a55ad7531c598 482032 otherosfs optional 
qemu-utils_2.1+dfsg-12+deb8u5a_amd64.deb
 c2c4ef5e05d15ae8cde6b80f9c1f7472 136226 otherosfs optional 
qemu-guest-agent_2.1+dfsg-12+deb8u5a_amd64.deb
 fac2f957c0ce24ef731e2b54a906fd9a 52592 otherosfs optional 
qemu-kvm_2.1+dfsg-12+deb8u5a_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJWuEeEAAoJEL7lnXSkw9fbH3cIAKQi94EHeGSmHUG0HxqksPXX
HPF+FLyHALyksmLmZIe5ouZF9qE6CQs80humKjnY+cGV/jOID/hDAcnMImBMlR4N
8v9RN79x8OTUjZ1frz8moeDkOH7g562/3qM5depEG6GbLiNL6urEtYWp2LU+krIc
E2iUjE/LlDasYdXH9juD5MZcgHKvB0dMjRz/Qf0gnwpdkWAJSiamt9gBYqe+kJrf
6s7xmcbtbsHFgio6iMZ0r13zXWYLySzeLrp9cC+dzVYCBuKsXgSPwkz0rHNSLYGz
3wDVbt7AYU1AQGt1P5ZgHGRuSSgwGrzWNWGsvgWajQZn7C6qPPRc4X4CFL1u3rk=
=6EQc
-----END PGP SIGNATURE-----

--- End Message ---