Your message dated Sat, 07 Oct 2017 11:47:42 +0000
with message-id <e1e0na2-0004gp...@fasolo.debian.org>
and subject line Bug#864219: fixed in qemu 1:2.8+dfsg-6+deb9u3
has caused the Debian Bug report #864219,
regarding qemu: CVE-2017-9375: usb: xhci infinite recursive call via
xhci_kick_ep
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
864219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864219
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Version: 1:2.8+dfsg-6
Severity: normal
Tags: patch security upstream fixed-upstream
Hi,
the following vulnerability was published for qemu.
CVE-2017-9375[0]:
usb: xhci infinite recursive call via xhci_kick_ep
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9375
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9375
[1] http://www.openwall.com/lists/oss-security/2017/06/05/2
[2] http://git.qemu.org/?p=qemu.git;a=commitdiff;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:2.8+dfsg-6+deb9u3
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 02 Oct 2017 16:11:47 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc
qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc
qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils
qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.8+dfsg-6+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Description:
qemu - fast processor emulator
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 864219 869945 871648 871702 872257 873849 873851 873875 874606
Changes:
qemu (1:2.8+dfsg-6+deb9u3) stretch-security; urgency=high
.
* xhci-dont-kick-in-xhci_submit-and-xhci_fire_ctl_transfer.patch
This is a pre-required patch for the next patch to work right.
Closes: #869945
* xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch
After applying previous patch, this one can be applied again
Closes: #864219, CVE-2017-9375
* ide-do-not-flush-empty-CDROM-drives-CVE-2017-12809.patch
Closes: #873849, CVE-2017-12809
* vga-stop-passing-pointers-to-vga_draw_line-functions-CVE-2017-13672.patch
Closes: #873851, CVE-2017-13672
* multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch
Closes: #874606, CVE-2017-14167
* slirp-fix-clearing-ifq_so-from-pending-packets-CVE-2017-13711.patch
Closes: #873875, CVE-2017-13711
* exec-add-lock-parameter-to-qemu_ram_ptr_length.patch
upstream patch fixing memory leak after
exec-use-qemu_ram_ptr_length-to-access-guest-ram-CVE-2017-11334.patch
Closes: #871648, #871702, #872257
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---