Your message dated Thu, 28 Sep 2017 05:47:12 +0000 with message-id <e1dxrfe-0002ol...@fasolo.debian.org> and subject line Bug#865755: fixed in qemu 1:2.8+dfsg-6+deb9u2 has caused the Debian Bug report #865755, regarding qemu: CVE-2017-9524: nbd: segmentation fault due to client non-negotiation to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 865755: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865755 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: qemu Version: 1:2.8+dfsg-6 Severity: important Tags: upstream security Hi, the following vulnerability was published for qemu. CVE-2017-9524[0]: nbd: segmentation fault due to client non-negotiation If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-9524 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9524 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1460170 [2] https://bugzilla.novell.com/show_bug.cgi?id=1043808 AFAIK, there is no upstream patch yet finalized. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: qemu Source-Version: 1:2.8+dfsg-6+deb9u2 We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 865...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 02 Aug 2017 16:57:34 +0300 Source: qemu Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm Architecture: source Version: 1:2.8+dfsg-6+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org> Changed-By: Michael Tokarev <m...@tls.msk.ru> Description: qemu - fast processor emulator qemu-block-extra - extra block backend modules for qemu-system and qemu-utils qemu-guest-agent - Guest-side qemu-system agent qemu-kvm - QEMU Full virtualization on x86 hardware qemu-system - QEMU full system emulation binaries qemu-system-arm - QEMU full system emulation binaries (arm) qemu-system-common - QEMU full system emulation binaries (common files) qemu-system-mips - QEMU full system emulation binaries (mips) qemu-system-misc - QEMU full system emulation binaries (miscellaneous) qemu-system-ppc - QEMU full system emulation binaries (ppc) qemu-system-sparc - QEMU full system emulation binaries (sparc) qemu-system-x86 - QEMU full system emulation binaries (x86) qemu-user - QEMU user mode emulation binaries qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 865755 867751 869171 869173 869945 Changes: qemu (1:2.8+dfsg-6+deb9u2) stretch-security; urgency=high . * actually apply the nbd server patches, not only include in debian/patches/ Really closes: #865755, CVE-2017-9524 * slirp-check-len-against-dhcp-options-array-end-CVE-2017-11434.patch Closes: #869171, CVE-2017-11434 * exec-use-qemu_ram_ptr_length-to-access-guest-ram-CVE-2017-11334.patch Closes: #869173, CVE-2017-11334 * usb-redir-fix-stack-overflow-in-usbredir_log_data-CVE-2017-10806.patch Closes: #867751, CVE-2017-10806 * add reference to #869706 to xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch * disable xhci recursive calls fix for now, as it causes instant crash (xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch) Reopens: #864219, CVE-2017-9375 Closes: #869945 Checksums-Sha1: 1a2314a55308cbd977d6255a00d886c424155c51 5579 qemu_2.8+dfsg-6+deb9u2.dsc e237d980c29f2e0bbd9bdfd81d2c2ecfa8bc84c7 125676 qemu_2.8+dfsg-6+deb9u2.debian.tar.xz 2552189938eb0e241d8f006b3dd5947b7e047272 10780 qemu_2.8+dfsg-6+deb9u2_source.buildinfo Checksums-Sha256: e831a68fee079d0e731dcc259b77067b04e6f0ad13903d4fc7eebdb86b5e27f7 5579 qemu_2.8+dfsg-6+deb9u2.dsc 62e98ed5db40ba75d10cf589fedbf1f47b0d6e27e5457808a03a48a124e579de 125676 qemu_2.8+dfsg-6+deb9u2.debian.tar.xz 3f9cf6d7be6fe32b6bbf5d641b9c871d23a104b1bb5e55d256c1f63312d8f6b6 10780 qemu_2.8+dfsg-6+deb9u2_source.buildinfo Files: 205e0d50a023ddf4a5505991681861c3 5579 otherosfs optional qemu_2.8+dfsg-6+deb9u2.dsc 48289e903387296142e73f37525a02be 125676 otherosfs optional qemu_2.8+dfsg-6+deb9u2.debian.tar.xz 76891081c5865b92a5912d58f0fcb6ea 10780 otherosfs optional qemu_2.8+dfsg-6+deb9u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAlmB4U4PHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZDf0H/0zW8YtkXgYy+V9emiib1j2J91IHF+YtYrwz Ix89CbkNkCjl7sd1YMiSEb1R2iTR2A4LXE3B6UUmNJ/LWCIVFzJXQz1SzPzqCOeh vz5lAIPhsuYhzw6/jOMiNQLn7iS8TNkyBdWqTeaiLYevDePTyvnPLTnhjXrswINK flCWIfi6esjnk9Rzn87BwVm7k/DclVJt3A+JlrGAkq7vnHCPUnjcUkAGdhl0LMop T/SgJ+Kj0IefuLRvSEQOd287cT+INEK1mQf0uuOLoxy4gTQNkKNAWhb6fUwes/z8 YNWkxwWwVQ5ypfitM24+Lq3s+BNiNXdpktO2xDtfghi0OthoAnM= =nmt+ -----END PGP SIGNATURE-----
--- End Message ---
