Your message dated Sat, 01 Feb 2020 08:45:39 +0000
with message-id <e1ixopl-0009gy...@fasolo.debian.org>
and subject line Bug#949731: fixed in qemu 1:4.2-2
has caused the Debian Bug report #949731,
regarding qemu: CVE-2020-1711: block: iscsi: OOB heap access via an unexpected
response of iSCSI Server
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
949731: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949731
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Version: 1:4.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html
Hi,

The following vulnerability was published for qemu.

CVE-2020-1711[0]:
| block: iscsi: OOB heap access via an unexpected response of iSCSI
| Server

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-1711
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1711
[1] https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html
[2] https://www.openwall.com/lists/oss-security/2020/01/23/3
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1794290

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:4.2-2
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 31 Jan 2020 23:51:09 +0300
Source: qemu
Architecture: source
Version: 1:4.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Closes: 909743 935327 949731
Changes:
qemu (1:4.2-2) unstable; urgency=medium
.
[ Fabrice Bauzac ]
* Fix a typo in the description of the qemu binary package
.
[ Frédéric Bonnard ]
* Enable powernv emulation with skiboot firmware
.
[ Michael R. Crusoe ]
* Modernize watch file (Closes: #909743)
.
[ Christian Ehrhardt ]
* d/control-in: promote qemu-efi/ovmf in Ubuntu
* d/control-in: bump debhelper build-dep for compat 12
* - d/control-in: update VCS links
* - d/control-in: disable bluetooth being deprecated
* d/not-installed: ignore new interop docs and extra icons for now
* do not install elf2dmp until namespaced
* d/control-in: Enable numa support for s390x
* Create qemu-system-s390x package (Ubuntu only for now)
.
[ Michael Tokarev ]
* stop using inttypes.h in qboot code;
this makes dependency on libc6-dev-i386 to be unnecessary
* qboot-no-jump-tables.diff - use #pragma for one file in qboot
* do not install qemu-edid and qemu-keymap for now
* no need in bluetooth patches as bluetooth is disabled
* scsi-cap-block-count-from-GET-LBA-STATUS-CVE-2020-1711.patch
(Closes: #949731, CVE-2020-1711)
* enable libpmem support on amd64|arm64|ppc64el (Closes: #935327)
--- End Message ---