Your message dated Thu, 11 Jan 2018 13:36:46 +0000
with message-id <e1ezd2e-000eyk...@fasolo.debian.org>
and subject line Bug#883406: fixed in qemu 1:2.11+dfsg-1
has caused the Debian Bug report #883406,
regarding qemu: CVE-2017-15118: stack buffer overflow in NBD server triggered
via long export name
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
883406: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883406
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Version: 1:2.10.0+dfsg-2
Severity: grave
Tags: patch security upstream
Hi,
the following vulnerability was published for qemu, it was introduced
in 2.10.
CVE-2017-15118[0]:
stack buffer overflow in NBD server triggered via long export name
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-15118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15118
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1516922
[2] https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
[3] http://www.openwall.com/lists/oss-security/2017/11/28/8
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:2.11+dfsg-1
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 883...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Thu, 11 Jan 2018 14:42:12 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc
qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc
qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils
qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.11+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Description:
qemu - fast processor emulator
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 880485 880832 880836 883399 883406 883625
Changes:
 qemu (1:2.11+dfsg-1) unstable; urgency=medium
 .
   [ Michael Tokarev ]
   * update to new upstream (2.11) release
     Closes: #883625, CVE-2017-17381
     Closes: #880832, CVE-2017-15289
     Closes: #880836, CVE-2017-15268
     Closes: #883399, CVE-2017-15119
     Closes: #883406, CVE-2017-15118
   * update to new upstream, remove old patches, refresh debian patches
   * disable sdl audio driver (pulse or oss should work fine)
   * do not build-depend on libx11-dev (libsdl2-dev already depends on it)
   * move libpulse-dev build-dep to a better place
   * clean up d/control from various old conflicts/replaces/provides
   * remove --with-system-pixman, not used anymore
   * remove ubuntu-specific qemu-system-aarch64 transitional package (trusty)
   * remove ubuntu-specific mentions of old qemu-kvm-spice package (precise)
   * remove old comment about /etc/kvm from qemu-kvm description
   * add Suggests: openbios-sparc for qemu-system-sparc on ubuntu
     (similar to what is done for qemu-system-ppc)
   * update get-orig-source.sh with new blobs/submodules
   * update debian/watch a bit
 .
   [ Aurelien Jarno ]
   * debian/control-in: build qemu-system and qemu-user on mips64 and
     mips64el. Closes: #880485.
 .
   [ Christian Ehrhardt ]
   * ppc64[le]: provide symlink matching arch name
   * d/control-in: Enable seccomp for ppc64el,
     this bumps minimum libseccomp version
--- End Message ---