Your message dated Thu, 17 Sep 2020 21:02:11 +0000
with message-id <e1kj12h-000a6g...@fasolo.debian.org>
and subject line Bug#968947: fixed in qemu 1:3.1+dfsg-8+deb10u8
has caused the Debian Bug report #968947,
regarding qemu: CVE-2020-14364: usb: out-of-bounds r/w access issue
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
968947: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968947
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Version: 1:5.1+dfsg-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for qemu.

CVE-2020-14364[0]:
| usb: out-of-bounds r/w access issue

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-14364
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14364
[1] https://xenbits.xen.org/xsa/advisory-335.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:3.1+dfsg-8+deb10u8
Done: Michael Tokarev <m...@tls.msk.ru>

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 968...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 24 Jul 2020 15:00:34 +0300
Source: qemu
Architecture: source
Version: 1:3.1+dfsg-8+deb10u8
Distribution: buster-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Closes: 961451 968947
Changes:
 qemu (1:3.1+dfsg-8+deb10u8) buster-security; urgency=medium
 .
   * mention fixing of CVE-2020-13765 in 3.1+dfsg-8+deb10u6
   * xgmac-fix-buffer-overflow-in-xgmac_enet_send-CVE-2020-15863.patch
     ARM-only XGMAC NIC, possible buffer overflow during packet transmission
     Closes: CVE-2020-15863
   * sm501 OOB read/write due to integer overflow in sm501_2d_operation()
     List of patches:
      sm501-convert-printf-abort-to-qemu_log_mask.patch
      sm501-shorten-long-variable-names-in-sm501_2d_operation.patch
      sm501-use-BIT-macro-to-shorten-constant.patch
      sm501-clean-up-local-variables-in-sm501_2d_operation.patch
      sm501-replace-hand-written-implementation-with-pixman-CVE-2020-12829.patch
     Closes: #961451, CVE-2020-12829
   * usb-fix-setup_len-init-CVE-2020-14364.patch
     Fix OOB r/w access in USB emulation
     Closes: #968947, CVE-2020-14364
   * net-assertion-in-net_tx_pkt_add_raw_fragment-CVE-2020-16092.patch
     Fix net_tx_pkt_add_raw_fragment assertion in e1000e & vmxnet3
     Closes: CVE-2020-16092
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---