Your message dated Sat, 23 Sep 2017 15:17:34 +0000
with message-id <e1dvmbs-0007xe...@fasolo.debian.org>
and subject line Bug#864219: fixed in qemu 1:2.10.0-1
has caused the Debian Bug report #864219,
regarding qemu: CVE-2017-9375: usb: xhci infinite recursive call via
xhci_kick_ep
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
864219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864219
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Version: 1:2.8+dfsg-6
Severity: normal
Tags: patch security upstream fixed-upstream
Hi,
the following vulnerability was published for qemu.
CVE-2017-9375[0]:
usb: xhci infinite recursive call via xhci_kick_ep
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9375
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9375
[1] http://www.openwall.com/lists/oss-security/2017/06/05/2
[2] http://git.qemu.org/?p=qemu.git;a=commitdiff;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:2.10.0-1
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 23 Sep 2017 16:47:02 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc
qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc
qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils
qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.10.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Description:
qemu - fast processor emulator
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 864219 865754 869945
Changes:
 qemu (1:2.10.0-1) unstable; urgency=medium
 .
   * new upstream release, 2.10
     Closes: #865754, CVE-2017-9503
     Closes: #864219, CVE-2017-9375
     Closes: #869945
     Closed in this upstream release:
      #865755, CVE-2017-9524
      #863840, CVE-2017-9310
      #863943, CVE-2017-9330
      #864216, CVE-2017-9373
      #864568, CVE-2017-9374
      #869171, CVE-2017-11434
      #869173, CVE-2017-11334
      #869706, CVE-2017-10911
      #867751, CVE-2017-10806
      #866674, CVE-2017-10664
      #873849, CVE-2017-12809
   * dropped all fixes, applied upstream
   * dropped 02_kfreebsd.patch - apparently not relevant anymore
   * dropped +dfsg, use upstream tarball directly: we do not use
     binaries shipped there, and even for those, upstream tarball
     contains the sources
   * refreshed list of targets:
      qemu-or32, qemu-system-or32 => qemu-or1k, qemu-system-or1k
      +qemu-nios2, qemu-system-nios2
      +qemu-hppa
   * added hppa binfmt entry
   * refreshed docs lists for various packages
   * new (security) patches:
     vga-stop-passing-pointers-to-vga_draw_line-functions-CVE-2017-13672.patch
      (#873851)
     multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch
      (#874606)
     slirp-fix-clearing-ifq_so-from-pending-packets-CVE-2017-13711.patch
      (#873875)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---