Your message dated Sun, 19 May 2019 12:34:10 +0000 with message-id <e1hsl10-0008k4...@fasolo.debian.org> and subject line Bug#929154: fixed in libvirt 5.0.0-2.1 has caused the Debian Bug report #929154, regarding libvirt: cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 929154: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929154 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libvirt Version: 5.0.0-2 Severity: grave Tags: security upstream Control: found -1 3.0.0-4+deb9u3 Control: found -1 3.0.0-4 Hi libvirt need to define md-clear CPUID bit for the MDS vulnerabilites. There is https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85 > cpu_map: Define md-clear CPUID bit > > CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 > > The bit is set when microcode provides the mechanism to invoke a flush > of various exploitable CPU buffers by invoking the VERW instruction. The issues are not really in libvirt itself, but to protect VM users libvirt would need as well an update. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libvirt Source-Version: 5.0.0-2.1 We believe that the bug you reported is fixed in the latest version of libvirt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 929...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated libvirt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 19 May 2019 13:50:25 +0200 Source: libvirt Architecture: source Version: 5.0.0-2.1 Distribution: unstable Urgency: medium Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintain...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 929154 Changes: libvirt (5.0.0-2.1) unstable; urgency=medium . * Non-maintainer upload. . [ Guido Günther ] * [3a9c65c] d/control: Fix typo * [b9935e5] d/control: Drop Debian revision on iptables build-dep. Any version greater than 1.8.1 will do. . [ Salvatore Bonaccorso ] * [b811e38] cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) (Closes: #929154) Checksums-Sha1: 82ed5b7c581a963188c0374bdaa6fd1f9355cdb7 4516 libvirt_5.0.0-2.1.dsc f022d65dbe33c1f536e7eb4051d79b173e9e5fac 72028 libvirt_5.0.0-2.1.debian.tar.xz Checksums-Sha256: cdd0574d0f683164e32c4da09e60491be5676510a75509c10545ce8f2030dbd6 4516 libvirt_5.0.0-2.1.dsc 6716fe7f41fa59b2686b0f3f84e01196432475d2b475801663c90f0090b048ef 72028 libvirt_5.0.0-2.1.debian.tar.xz Files: 4d9236b56bb86e7e61ad5dc6a1ceffcf 4516 libs optional libvirt_5.0.0-2.1.dsc 0c920f39d0f832f3207c008bb3ac4f38 72028 libs optional libvirt_5.0.0-2.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlzhR/BfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E2tsP/1OlKNrWhgGFErRYQfScWh+PMgEiE5fY Q9Q0iNC+rTdXkhu3qK6yIvIYcowzGddeV7f6jhm2abvq6stOk14HYiOQ/zab8nUJ NgvvJ7lcQXUSfUd62N9//FtcXvaKTTh5IMk4Arhg+SOUepTbtugiA1d+wUprwjzO A4Tp2mYVnNYpf9cFVx57D3rJJcoD1LN2rt+eJ5mjwDWF4mymyzgg9tjoHBbaomGB OepsA4OL6S6Oy54uXuvTv+J9LqqwBrDqFw3epr0b9lKfFHB/7+upMNgwfWMEKxjK T6fwtLoxSdev2PRuuMxs0j0U++I2SXAxywoqkPDJXBvLV+Pl0TaEyKafoJGRL0y5 MWfTj8IqE0c/mTjkQgvrqQ8EJ4OdR+MBFQGZ74n+Vh6FU0xmiHVmWtT4Fj7cJqzz oRM2OIbIseu3iYEA1otAfEMRZL+J89X0sIARJwlQd9CrpGQbBDgKpLlO3ghr2SlY IKGxn4IWbZAmoiXaxlImSMLPT4HwiVZ2OPf8xyInYVueKDmV8IcNPDE7wOzIry6a RoIK00ufRa9+9eft7t2D4JP5edJSE6V0LaxnLIFewP07Fys61WDKUG8MAUbctDXB eSadp3Js+K219LVzDC6KCvwViRlGt4QtXoDv9UJitYRPARvf8kAcYg5xMYlvz3+y 2TcJfT1Yl3R3 =6+lH -----END PGP SIGNATURE-----
--- End Message ---
