Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 9 Jan 2016 13:30:01 UTC
Severity: important
Tags: security, upstream
Found in version qemu/1.1.2+dfsg-6a
Fixed in versions qemu/1:2.5+dfsg-2, qemu/1:2.1+dfsg-12+deb8u5, qemu/1:2.1+dfsg-12+deb8u5a, qemu/1.1.2+dfsg-6a+deb7u12, qemu-kvm/1.1.2+dfsg-6+deb7u12
Done: Michael Tokarev <mjt@tls.msk.ru>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
:
Bug#810519
; Package src:qemu
.
(Sat, 09 Jan 2016 13:30:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
.
(Sat, 09 Jan 2016 13:30:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: qemu Version: 1.1.2+dfsg-6a Severity: important Tags: security upstream Hi, the following vulnerability was published for qemu. CVE-2015-8743[0]: net: ne2000: OOB r/w in ioport operations If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-8743 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1264929 [2] https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html Regards, Salvatore
Added tag(s) pending.
Request was from <mjt@tls.msk.ru>
to control@bugs.debian.org
.
(Sat, 09 Jan 2016 18:30:26 GMT) (full text, mbox, link).
Reply sent
to Michael Tokarev <mjt@tls.msk.ru>
:
You have taken responsibility.
(Sat, 09 Jan 2016 18:51:37 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Sat, 09 Jan 2016 18:51:37 GMT) (full text, mbox, link).
Message #12 received at 810519-close@bugs.debian.org (full text, mbox, reply):
Source: qemu Source-Version: 1:2.5+dfsg-2 We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 810519@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 09 Jan 2016 21:40:43 +0300 Source: qemu Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm Architecture: source Version: 1:2.5+dfsg-2 Distribution: unstable Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Description: qemu - fast processor emulator qemu-block-extra - extra block backend modules for qemu-system and qemu-utils qemu-guest-agent - Guest-side qemu-system agent qemu-kvm - QEMU Full virtualization on x86 hardware qemu-system - QEMU full system emulation binaries qemu-system-arm - QEMU full system emulation binaries (arm) qemu-system-common - QEMU full system emulation binaries (common files) qemu-system-mips - QEMU full system emulation binaries (mips) qemu-system-misc - QEMU full system emulation binaries (miscelaneous) qemu-system-ppc - QEMU full system emulation binaries (ppc) qemu-system-sparc - QEMU full system emulation binaries (sparc) qemu-system-x86 - QEMU full system emulation binaries (x86) qemu-user - QEMU user mode emulation binaries qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 808144 808357 809229 810205 810519 810527 Changes: qemu (1:2.5+dfsg-2) unstable; urgency=high . * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch (Closes: #808144, CVE-2015-8558) * virtio-9p-use-accessor-to-get-thread_pool.patch (Closes: #808357) * two upstream patches from xsa-155 fixing unsafe shared memory access in xen (Closes: #809229, CVE-2015-8550) * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch (Closes: #810519, CVE-2015-8743) * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch (Closes: #810527, CVE-2016-1568) * changed build-depends from libpng12-dev to libpng-dev (Closes: #810205) Checksums-Sha1: bce0885a87fc215de54ad7a160ac157db0bb8806 5373 qemu_2.5+dfsg-2.dsc 016493b87f10ee3c35ee2f0c3fe807400d2c8bf7 63920 qemu_2.5+dfsg-2.debian.tar.xz Checksums-Sha256: 0f17850c31ec2f12c73fe08479f4bcacf5341cdb78c26221e1d5639f08f6f444 5373 qemu_2.5+dfsg-2.dsc 57b7c2fdb5ca5f9903cb965515ec1a8ae365be95a3bd11da80d1bb110682e61c 63920 qemu_2.5+dfsg-2.debian.tar.xz Files: 40c903484b12a919513b3fb8fe4ac7ea 5373 otherosfs optional qemu_2.5+dfsg-2.dsc 66da57b6ef6e9e1833b94fbcbd1a5d9a 63920 otherosfs optional qemu_2.5+dfsg-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWkVSVAAoJEL7lnXSkw9fbfz4H/jhuDilOwGBver/w7PHZO1l2 HwBzIbTuBWxxfcmqXoksIixx3TVFdo64StHVCeScTsO1xyY9/n8UpzgWNH8Xxygb +oCKt/baN5UQaHlRfupg1xbMSWFKQJcXyCs7/bH+yu6DTF4QT39y5e0B6s1QfBG2 LR/Hy/ycmz1oChG3B9haVYLWIvLD0O0M2kvARjpGGt++aIR0H23C3I2kyYMmDM2U eeRRp9OzWFvurDMTwUKolPwKINVO5pxikl15rZcIX5jfFojP2jwT/kuaIk9x9IQb xTBUSe1VgT6ubTc1m5hUmaWmtlLm0vd+xs0A3/JPaBdioisFyQDluL4chYt1cvE= =8q9I -----END PGP SIGNATURE-----
Reply sent
to Michael Tokarev <mjt@tls.msk.ru>
:
You have taken responsibility.
(Wed, 10 Feb 2016 22:23:20 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Wed, 10 Feb 2016 22:23:20 GMT) (full text, mbox, link).
Message #17 received at 810519-close@bugs.debian.org (full text, mbox, reply):
Source: qemu Source-Version: 1:2.1+dfsg-12+deb8u5 We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 810519@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 01 Feb 2016 23:32:49 +0300 Source: qemu Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm Architecture: source Version: 1:2.1+dfsg-12+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Description: qemu - fast processor emulator qemu-guest-agent - Guest-side qemu-system agent qemu-kvm - QEMU Full virtualization on x86 hardware qemu-system - QEMU full system emulation binaries qemu-system-arm - QEMU full system emulation binaries (arm) qemu-system-common - QEMU full system emulation binaries (common files) qemu-system-mips - QEMU full system emulation binaries (mips) qemu-system-misc - QEMU full system emulation binaries (miscelaneous) qemu-system-ppc - QEMU full system emulation binaries (ppc) qemu-system-sparc - QEMU full system emulation binaries (sparc) qemu-system-x86 - QEMU full system emulation binaries (x86) qemu-user - QEMU user mode emulation binaries qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 799452 806373 806741 806742 808130 808131 808144 808145 809229 809232 810519 810527 811201 Changes: qemu (1:2.1+dfsg-12+deb8u5) jessie-security; urgency=high . * applied 3 patches from upstream to fix virtio-net possible remote DoS (Closes: #799452 CVE-2015-7295) * pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch (Closes: #806742, CVE-2015-7504) * pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch (Closes: #806741, CVE-2015-7512) * msix-implement-pba-write-but-read-only-CVE-2015-7549.patch (Closes: #808131, CVE-2015-7549) * eepro100-prevent-two-endless-loops-CVE-2015-8345.patch (Closes: #806373, CVE-2015-8345) * vnc-avoid-floating-point-exception-CVE-2015-8504.patch (Closes: #808130, CVE-2015-8504) * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch (Closes: #808144, CVE-2015-8558) * two upstream patches from xsa-155 fixing unsafe shared memory access in xen (Closes: #809229, CVE-2015-8550) * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch (Closes: #810519, CVE-2015-8743) * net-vmxnet3-avoid-memory-leakage-in-activate_device-[...].patch (Closes: #808145, CVE-2015-8567, CVE-2015-8568) * scsi-initialise-info-object-with-appropriate-size-CVE-2015-8613.patch (Closes: #809232, CVE-2015-8613) * vmxnet3-refine-l2-header-validation-CVE-2015-8744.patch (Closes: CVE-2015-8744) * vmxnet3-support-reading-IMR-registers-on-bar0-CVE-2015-8745.patch (Closes: CVE-2015-8745) * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch (Closes: #810527, CVE-2016-1568) * fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch (Closes: CVE-2016-1714) * i386-avoid-null-pointer-dereference-CVE-2016-1922.patch (Closes: #811201, CVE-2016-1922) Checksums-Sha1: e83e863c38e418b2623c6700b13c8c4c4f6e7eb9 5174 qemu_2.1+dfsg-12+deb8u5.dsc 54a39c8e48b1b1e7d39beeeb7eb9fc554623897f 127544 qemu_2.1+dfsg-12+deb8u5.debian.tar.xz Checksums-Sha256: 5ab190585d859a94c3aee7397c6c54a3f9c9169fbee45a694d33962b2af9b62f 5174 qemu_2.1+dfsg-12+deb8u5.dsc 938be4ec654e623b0ad783eba71b951d7c92f98f803a1671e27de896d7009beb 127544 qemu_2.1+dfsg-12+deb8u5.debian.tar.xz Files: e51c9efc7305e91cf03a6c5f6b4f49d4 5174 otherosfs optional qemu_2.1+dfsg-12+deb8u5.dsc ab8611a4548efcb3c4c0aca8ab64590a 127544 otherosfs optional qemu_2.1+dfsg-12+deb8u5.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWr8SBAAoJEL7lnXSkw9fbzYcH/RA8b2ogrYlEKYvYtcPn6gC2 27WWqxQ4Rkiaja61msNJvsnYFIMOh/HuFGDbXQoewV064I7AltnjNCwSSTs4vPTn hEZeN2C7tEsW9vQ/O85Xb7g8ZVPxov6hsfF9U/k0OIi84kZp8Vgj5JkJV5Sp1XFL YrLB8GnMO4AojP5S904mIMTjpB0OfitPUNo29r8Ppce+Wr+s35gPja7iGp+hFwyE h9x+e//tqMtuj3TNrfhkbnF4rUgOyvmm7T79GY2Ma5vgjMGU9ZT+I6Jl8DsyWMAd U3AkhMP3K8+86gKPnDoFpleIZeL7u74R5px586BzAQOn2fl1e8JgytUVE4QCV4A= =l7aU -----END PGP SIGNATURE-----
Reply sent
to Michael Tokarev <mjt@tls.msk.ru>
:
You have taken responsibility.
(Wed, 10 Feb 2016 22:23:23 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Wed, 10 Feb 2016 22:23:23 GMT) (full text, mbox, link).
Message #22 received at 810519-close@bugs.debian.org (full text, mbox, reply):
Source: qemu Source-Version: 1:2.1+dfsg-12+deb8u5a We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 810519@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 08 Feb 2016 10:33:30 +0300 Source: qemu Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm Architecture: source amd64 Version: 1:2.1+dfsg-12+deb8u5a Distribution: jessie-security Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Description: qemu - fast processor emulator qemu-guest-agent - Guest-side qemu-system agent qemu-kvm - QEMU Full virtualization on x86 hardware qemu-system - QEMU full system emulation binaries qemu-system-arm - QEMU full system emulation binaries (arm) qemu-system-common - QEMU full system emulation binaries (common files) qemu-system-mips - QEMU full system emulation binaries (mips) qemu-system-misc - QEMU full system emulation binaries (miscelaneous) qemu-system-ppc - QEMU full system emulation binaries (ppc) qemu-system-sparc - QEMU full system emulation binaries (sparc) qemu-system-x86 - QEMU full system emulation binaries (x86) qemu-user - QEMU user mode emulation binaries qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 799452 806373 806741 806742 808130 808131 808144 808145 809229 809232 809237 810519 810527 811201 812307 Changes: qemu (1:2.1+dfsg-12+deb8u5a) jessie-security; urgency=high . * applied 3 patches from upstream to fix virtio-net possible remote DoS (Closes: #799452 CVE-2015-7295) * pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch (Closes: #806742, CVE-2015-7504) * pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch (Closes: #806741, CVE-2015-7512) * msix-implement-pba-write-but-read-only-CVE-2015-7549.patch (Closes: #808131, CVE-2015-7549) * eepro100-prevent-two-endless-loops-CVE-2015-8345.patch (Closes: #806373, CVE-2015-8345) * vnc-avoid-floating-point-exception-CVE-2015-8504.patch (Closes: #808130, CVE-2015-8504) * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch (Closes: #808144, CVE-2015-8558) * two upstream patches from xsa-155 fixing unsafe shared memory access in xen (Closes: #809229, CVE-2015-8550) * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch (Closes: #810519, CVE-2015-8743) * net-vmxnet3-avoid-memory-leakage-in-activate_device-[...].patch (Closes: #808145, CVE-2015-8567, CVE-2015-8568) * scsi-initialise-info-object-with-appropriate-size-CVE-2015-8613.patch (Closes: #809232, CVE-2015-8613) * vmxnet3-refine-l2-header-validation-CVE-2015-8744.patch (Closes: CVE-2015-8744) * vmxnet3-support-reading-IMR-registers-on-bar0-CVE-2015-8745.patch (Closes: CVE-2015-8745) * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch (Closes: #810527, CVE-2016-1568) * fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch (Closes: CVE-2016-1714) * i386-avoid-null-pointer-dereference-CVE-2016-1922.patch (Closes: #811201, CVE-2016-1922) * e1000-eliminate-infinite-loops-on-out-of-bounds-start-CVE-2016-1981.patch (Closes: #812307, CVE-2016-1981) * hmp-fix-sendkey-out-of-bounds-write-CVE-2015-8619.patch (Closes: #809237, CVE-2015-8619) Checksums-Sha1: 98393c6d4d972757e6a15b457b4904536a92ca3f 5176 qemu_2.1+dfsg-12+deb8u5a.dsc a5928d53f352ec549837ba63f55c5d52341999be 128076 qemu_2.1+dfsg-12+deb8u5a.debian.tar.xz d96b963059051a0941213cad62d8b6f61316d56c 122694 qemu_2.1+dfsg-12+deb8u5a_amd64.deb 542fde82530914515f19f0f042bac8eaa23e20c9 51930 qemu-system_2.1+dfsg-12+deb8u5a_amd64.deb 40fa761909e8a021db40334df486cd2f8c4de3e5 281718 qemu-system-common_2.1+dfsg-12+deb8u5a_amd64.deb 390417db23daeef6f5f6d3ba04678c6cd002edf6 5198408 qemu-system-misc_2.1+dfsg-12+deb8u5a_amd64.deb 5e88681a3ea2e9ff9efca27b577509633ac3b7a0 2231682 qemu-system-arm_2.1+dfsg-12+deb8u5a_amd64.deb 634f0ed0c7bcf2382986487d0d3e1c3bb85e4fd7 2553396 qemu-system-mips_2.1+dfsg-12+deb8u5a_amd64.deb e23e74a457a77294e8b352a41d52370f2540e126 2831746 qemu-system-ppc_2.1+dfsg-12+deb8u5a_amd64.deb 01f345932dc38a48c321fddb4bd7b8e9afb05027 1668400 qemu-system-sparc_2.1+dfsg-12+deb8u5a_amd64.deb 0956ce514ae60d1c9719b5b1603994acfa180c2a 2044598 qemu-system-x86_2.1+dfsg-12+deb8u5a_amd64.deb ec29c3080f143940fd1ead9a7f0afd8c4ae18468 4890826 qemu-user_2.1+dfsg-12+deb8u5a_amd64.deb ab78e3a696a5f45b0124bd7656fae0c62e8a24a3 6897096 qemu-user-static_2.1+dfsg-12+deb8u5a_amd64.deb 09db7d2562f837c63d69c9cb1cc34a5a82f2dbc9 2888 qemu-user-binfmt_2.1+dfsg-12+deb8u5a_amd64.deb 9ae42be909bfc7d300116437360207edbefdfd29 482032 qemu-utils_2.1+dfsg-12+deb8u5a_amd64.deb 22bd2658155dfac41eec7cab0cdca0f41c05fc25 136226 qemu-guest-agent_2.1+dfsg-12+deb8u5a_amd64.deb fc9df80dc40eb7e9fc4b966194a3d2f1cf70f0b9 52592 qemu-kvm_2.1+dfsg-12+deb8u5a_amd64.deb Checksums-Sha256: 98fa7600ac3de587dde19cafcc1e3fc4b87fa12c98fcfc250d53d6dea6bcc5a4 5176 qemu_2.1+dfsg-12+deb8u5a.dsc 82a3ca376b1b1fe54fe8f9b2cdd5c011bf48d4c0f1e53477c2f29eb38e3e4112 128076 qemu_2.1+dfsg-12+deb8u5a.debian.tar.xz 3e0575a19148799c0a3eff042de7cf646a11a49c941e7a2af027697355b5dd27 122694 qemu_2.1+dfsg-12+deb8u5a_amd64.deb 62db8ac185f8f694b7a9cd3343617a520cf1981458c3c8ed0c3466ac764ec422 51930 qemu-system_2.1+dfsg-12+deb8u5a_amd64.deb 65cc97dac7b417459c8e9ee5013eff3516eb733f115539d20a70f7190e34e842 281718 qemu-system-common_2.1+dfsg-12+deb8u5a_amd64.deb e6764676a7c333ac2ccf037e4b70618750a8602cde8adbe9bc3cd4a036e361fb 5198408 qemu-system-misc_2.1+dfsg-12+deb8u5a_amd64.deb 82cdd916405f704ea9bae209719033c7cc484c337d762cfb148cb115b1b91d10 2231682 qemu-system-arm_2.1+dfsg-12+deb8u5a_amd64.deb 371780bb36295143440a10c48434d6469edeb045f5c346d91c30b8d09161dfdf 2553396 qemu-system-mips_2.1+dfsg-12+deb8u5a_amd64.deb 1f5f23f61e8016cc73302c8421d5465e4be9876c6ce72128c606db0ab27ee3b2 2831746 qemu-system-ppc_2.1+dfsg-12+deb8u5a_amd64.deb 90fc055d05be115e37f9c542e08d0689a43807dec10897b321159865b0bcf596 1668400 qemu-system-sparc_2.1+dfsg-12+deb8u5a_amd64.deb 7af57abc1b3eba441e8101bb96e4680d394d8412b17678eef70fc36dcfcff4dd 2044598 qemu-system-x86_2.1+dfsg-12+deb8u5a_amd64.deb 15ff18405155818c81398ce49b50cdbb2d4be0613c7cdae05fe921f482535604 4890826 qemu-user_2.1+dfsg-12+deb8u5a_amd64.deb 6d76c5363d86a53f5c5068fc8fd7b86f6660a32d183716306b2753102306ee1f 6897096 qemu-user-static_2.1+dfsg-12+deb8u5a_amd64.deb 5c0171034764c277511101405a2d7fc872dc60cef7a28e485869a5489939692f 2888 qemu-user-binfmt_2.1+dfsg-12+deb8u5a_amd64.deb 8eb7783bd4c5a61464bf4a81887790f838065f2cbb3e73333399d8a1d5a9e76c 482032 qemu-utils_2.1+dfsg-12+deb8u5a_amd64.deb 471c752e2b8ac47488b169130740095c9e3ad4906b2f92ad2639184ac4d1c917 136226 qemu-guest-agent_2.1+dfsg-12+deb8u5a_amd64.deb da7f34f13daf1744fdc7f9b51edd7b970ea5609b16bb8494701195cf2cfb9c83 52592 qemu-kvm_2.1+dfsg-12+deb8u5a_amd64.deb Files: 44e143ee56afc22dffb491f3b335cba3 5176 otherosfs optional qemu_2.1+dfsg-12+deb8u5a.dsc b441926dec67df02d6194effce9a749e 128076 otherosfs optional qemu_2.1+dfsg-12+deb8u5a.debian.tar.xz 1ffe86a2fced4b3a2b0bad3b8bad605f 122694 otherosfs optional qemu_2.1+dfsg-12+deb8u5a_amd64.deb ed46bd5bd05618b4290f587a50e8f2af 51930 otherosfs optional qemu-system_2.1+dfsg-12+deb8u5a_amd64.deb 3c3b5e1d3cf942b52ac3771594f13e0c 281718 otherosfs optional qemu-system-common_2.1+dfsg-12+deb8u5a_amd64.deb 2b86a05b0aa2e5a0bf87e7480b9eecd5 5198408 otherosfs optional qemu-system-misc_2.1+dfsg-12+deb8u5a_amd64.deb 7a46975c95639075da833fd35c1b9394 2231682 otherosfs optional qemu-system-arm_2.1+dfsg-12+deb8u5a_amd64.deb 9723275929411168331a730805266b23 2553396 otherosfs optional qemu-system-mips_2.1+dfsg-12+deb8u5a_amd64.deb c168ca70082f88046a1a3c3f7a83cce3 2831746 otherosfs optional qemu-system-ppc_2.1+dfsg-12+deb8u5a_amd64.deb 6bb485fd5ee4784d94ca5c3e178f61ac 1668400 otherosfs optional qemu-system-sparc_2.1+dfsg-12+deb8u5a_amd64.deb 051a6a9e9fba93af38a27b3e6bd6b64c 2044598 otherosfs optional qemu-system-x86_2.1+dfsg-12+deb8u5a_amd64.deb ab193a8e1742d8380ea6a35127c99cd6 4890826 otherosfs optional qemu-user_2.1+dfsg-12+deb8u5a_amd64.deb 0489e816f32dc50a7f8f4d7a79e741b1 6897096 otherosfs optional qemu-user-static_2.1+dfsg-12+deb8u5a_amd64.deb b41437f4cdcf07e2a8137a7ce92c4522 2888 otherosfs optional qemu-user-binfmt_2.1+dfsg-12+deb8u5a_amd64.deb 0bbb16549689e5397e3a55ad7531c598 482032 otherosfs optional qemu-utils_2.1+dfsg-12+deb8u5a_amd64.deb c2c4ef5e05d15ae8cde6b80f9c1f7472 136226 otherosfs optional qemu-guest-agent_2.1+dfsg-12+deb8u5a_amd64.deb fac2f957c0ce24ef731e2b54a906fd9a 52592 otherosfs optional qemu-kvm_2.1+dfsg-12+deb8u5a_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWuEeEAAoJEL7lnXSkw9fbH3cIAKQi94EHeGSmHUG0HxqksPXX HPF+FLyHALyksmLmZIe5ouZF9qE6CQs80humKjnY+cGV/jOID/hDAcnMImBMlR4N 8v9RN79x8OTUjZ1frz8moeDkOH7g562/3qM5depEG6GbLiNL6urEtYWp2LU+krIc E2iUjE/LlDasYdXH9juD5MZcgHKvB0dMjRz/Qf0gnwpdkWAJSiamt9gBYqe+kJrf 6s7xmcbtbsHFgio6iMZ0r13zXWYLySzeLrp9cC+dzVYCBuKsXgSPwkz0rHNSLYGz 3wDVbt7AYU1AQGt1P5ZgHGRuSSgwGrzWNWGsvgWajQZn7C6qPPRc4X4CFL1u3rk= =6EQc -----END PGP SIGNATURE-----
Reply sent
to Michael Tokarev <mjt@tls.msk.ru>
:
You have taken responsibility.
(Wed, 10 Feb 2016 22:23:26 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Wed, 10 Feb 2016 22:23:26 GMT) (full text, mbox, link).
Message #27 received at 810519-close@bugs.debian.org (full text, mbox, reply):
Source: qemu Source-Version: 1.1.2+dfsg-6a+deb7u12 We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 810519@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 01 Feb 2016 23:53:18 +0300 Source: qemu Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils Architecture: source all amd64 Version: 1.1.2+dfsg-6a+deb7u12 Distribution: wheezy-security Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Description: qemu - fast processor emulator qemu-keymaps - QEMU keyboard maps qemu-system - QEMU full system emulation binaries qemu-user - QEMU user mode emulation binaries qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 799452 806373 806741 806742 808130 808144 810519 810527 811201 Changes: qemu (1.1.2+dfsg-6a+deb7u12) wheezy-security; urgency=high . * applied 3 patches from upstream to fix virtio-net possible remote DoS (Closes: #799452 CVE-2015-7295) * pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch (Closes: #806742, CVE-2015-7504) * pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch (Closes: #806741, CVE-2015-7512) * eepro100-prevent-two-endless-loops-CVE-2015-8345.patch (Closes: #806373, CVE-2015-8345) * vnc-avoid-floating-point-exception-CVE-2015-8504.patch (Closes: #808130, CVE-2015-8504) * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch (Closes: #808144, CVE-2015-8558) * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch (Closes: #810519, CVE-2015-8743) * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch (Closes: #810527, CVE-2016-1568) * fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch (Closes: CVE-2016-1714) * i386-avoid-null-pointer-dereference-CVE-2016-1922.patch (Closes: #811201, CVE-2016-1922) Checksums-Sha1: 8049b20d54a826ef824e18960b998c7557472b3f 2621 qemu_1.1.2+dfsg-6a+deb7u12.dsc ca5c1f97e6613394e18a96d79a2bfccdb6755104 128897 qemu_1.1.2+dfsg-6a+deb7u12.debian.tar.gz badd7b02e3010f7cf7f65f058ab1daa28f954dd0 50882 qemu-keymaps_1.1.2+dfsg-6a+deb7u12_all.deb ecb7a59bce9585e695c94850c7d1fdc54ea86a70 116268 qemu_1.1.2+dfsg-6a+deb7u12_amd64.deb 366ea277a6675ee9c9884b190eb7dc136bc1c6bb 27900478 qemu-system_1.1.2+dfsg-6a+deb7u12_amd64.deb c673b5e8aa3859846ebfebea3f23ba87d563ba08 7725480 qemu-user_1.1.2+dfsg-6a+deb7u12_amd64.deb 0fba70fb45d9378bb2dc99cf624b03f5f689d8b7 16572050 qemu-user-static_1.1.2+dfsg-6a+deb7u12_amd64.deb 7799b60222d8d4281baba8c15fa902a0170f7ede 665080 qemu-utils_1.1.2+dfsg-6a+deb7u12_amd64.deb Checksums-Sha256: 11de5b757f0daa8c0076e145f126b0468359d1273544c8b9cfeddb47273d4ad1 2621 qemu_1.1.2+dfsg-6a+deb7u12.dsc d023bfd26e9daada179627de8a25167e5534cb993261d3c5950036d7a6298cf1 128897 qemu_1.1.2+dfsg-6a+deb7u12.debian.tar.gz 5894b3037f5676b4058bb84b7a00166f56a3a596278aa2e457ded016ab22e1f9 50882 qemu-keymaps_1.1.2+dfsg-6a+deb7u12_all.deb f10a04468db9370f5121544bd4fc7b252956004eabe797c2a4dfec8f946eb344 116268 qemu_1.1.2+dfsg-6a+deb7u12_amd64.deb a7a6b8ad63fd2cc74198196ed2aac6c73083cc0c017395a9b6513ecc683e14d7 27900478 qemu-system_1.1.2+dfsg-6a+deb7u12_amd64.deb 14cb7234e0222403ca93d419c63e3195d89eac8c4fd5649e5a43eaf85565c6f6 7725480 qemu-user_1.1.2+dfsg-6a+deb7u12_amd64.deb 8ffeb21eba671458ed27b09a46d8872430c76ec4213caff4e498a2cdfaca0097 16572050 qemu-user-static_1.1.2+dfsg-6a+deb7u12_amd64.deb f3ee3a38739f62b2d3e6cf8daa19dd6e055a7d8c26f8b3afeefbbe8cd0f91046 665080 qemu-utils_1.1.2+dfsg-6a+deb7u12_amd64.deb Files: 5573dde7e7e417b8c8e0a169ffe1ae34 2621 misc optional qemu_1.1.2+dfsg-6a+deb7u12.dsc c40eb75e7070afc3ba085b11da235550 128897 misc optional qemu_1.1.2+dfsg-6a+deb7u12.debian.tar.gz 05657f12419d2284668c789ae1d03241 50882 misc optional qemu-keymaps_1.1.2+dfsg-6a+deb7u12_all.deb eee10df8a64c7e1a26dea186a6e97b81 116268 misc optional qemu_1.1.2+dfsg-6a+deb7u12_amd64.deb f7cb8e1521d5cc0509c366584607ecb9 27900478 misc optional qemu-system_1.1.2+dfsg-6a+deb7u12_amd64.deb fc1e6e19ecf87d653109ec0b428c5c51 7725480 misc optional qemu-user_1.1.2+dfsg-6a+deb7u12_amd64.deb 6888dbf0cba12930a94d7692a4ac57df 16572050 misc optional qemu-user-static_1.1.2+dfsg-6a+deb7u12_amd64.deb 6005db4212db4b1cb3aaf40a9baff08d 665080 misc optional qemu-utils_1.1.2+dfsg-6a+deb7u12_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWr8h4AAoJEL7lnXSkw9fbz7cH/0JQgJtjbVhQSExe/LQF/geu Kad4NMhtC3biiA+kBuRcPwpocrCBFhzjkV98kLZbwXMfp1yONGpr1NmOZA+A4Bn7 Bmos6s1GiA6UTgwyo08b5UjYSdqMABdFKFeWkyeOhj68H72yAXQBbxV8PEa19YpR GOVvj6h5/WPtwktbAZfRj3TrJOakcigmnuUGbvOO3yX8zAlJqR04rF1szN7JZADa fPsaYxokXxeN4qIrA5/iBSa70/eKIL2i8Hd7tW4jM2Q/vX94HMQHcrchXFEIgJ7v wVjT8urHMu3DzkTys70uP9bxHbigen2L4rFImFdI/pWZlBls9eFQaQ+1E/aTEmI= =V5vA -----END PGP SIGNATURE-----
Reply sent
to Michael Tokarev <mjt@tls.msk.ru>
:
You have taken responsibility.
(Wed, 10 Feb 2016 22:23:29 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Wed, 10 Feb 2016 22:23:29 GMT) (full text, mbox, link).
Message #32 received at 810519-close@bugs.debian.org (full text, mbox, reply):
Source: qemu-kvm Source-Version: 1.1.2+dfsg-6+deb7u12 We believe that the bug you reported is fixed in the latest version of qemu-kvm, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 810519@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu-kvm package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 01 Feb 2016 23:53:18 +0300 Source: qemu-kvm Binary: qemu-kvm qemu-kvm-dbg kvm Architecture: source amd64 Version: 1.1.2+dfsg-6+deb7u12 Distribution: wheezy-security Urgency: high Maintainer: Michael Tokarev <mjt@tls.msk.ru> Changed-By: Michael Tokarev <mjt@tls.msk.ru> Description: kvm - dummy transitional package from kvm to qemu-kvm qemu-kvm - Full virtualization on x86 hardware qemu-kvm-dbg - Debugging info for qemu-kvm Closes: 799452 806373 806741 806742 808130 808144 810519 810527 811201 Changes: qemu-kvm (1.1.2+dfsg-6+deb7u12) wheezy-security; urgency=high . * applied 3 patches from upstream to fix virtio-net possible remote DoS (Closes: #799452 CVE-2015-7295) * pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch (Closes: #806742, CVE-2015-7504) * pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch (Closes: #806741, CVE-2015-7512) * eepro100-prevent-two-endless-loops-CVE-2015-8345.patch (Closes: #806373, CVE-2015-8345) * vnc-avoid-floating-point-exception-CVE-2015-8504.patch (Closes: #808130, CVE-2015-8504) * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch (Closes: #808144, CVE-2015-8558) * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch (Closes: #810519, CVE-2015-8743) * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch (Closes: #810527, CVE-2016-1568) * fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch (Closes: CVE-2016-1714) * i386-avoid-null-pointer-dereference-CVE-2016-1922.patch (Closes: #811201, CVE-2016-1922) Checksums-Sha1: d4538c4f85783793c947cdc432f1dea179d8f46e 2141 qemu-kvm_1.1.2+dfsg-6+deb7u12.dsc 62b0ec7f261463d5ccd18f1b3cf9c6acdb4f2097 116561 qemu-kvm_1.1.2+dfsg-6+deb7u12.debian.tar.gz f6e8e1247549bc51e47dff0dc4f48b24d8e4d95c 1681396 qemu-kvm_1.1.2+dfsg-6+deb7u12_amd64.deb 9d9fcea3292a044e64953d9de999308524cfc7b5 5274642 qemu-kvm-dbg_1.1.2+dfsg-6+deb7u12_amd64.deb 48bab6462ebb9831dc04692d5b1146fb535843ff 25186 kvm_1.1.2+dfsg-6+deb7u12_amd64.deb Checksums-Sha256: 64beb4e6f29513979b48deb3932d826b457c25358011048b3c090d5682152bd8 2141 qemu-kvm_1.1.2+dfsg-6+deb7u12.dsc c10c5304d6e227f8e6090c3f77d2cc4368bde3c6710ee4f0cdd1963193dadaaa 116561 qemu-kvm_1.1.2+dfsg-6+deb7u12.debian.tar.gz bf8c0218e27ac52cca0d69be470a422caa49b27007c09b71ae4fe532e9ab5791 1681396 qemu-kvm_1.1.2+dfsg-6+deb7u12_amd64.deb 105d76435eb2cbc242c24c0cf9b0379699f56b0766c087f690e14e2919d0dcb3 5274642 qemu-kvm-dbg_1.1.2+dfsg-6+deb7u12_amd64.deb 2a7871dd81cd3ffe4d826c06e8df503ce5993137fdbbe7d9d03efa44aa719dac 25186 kvm_1.1.2+dfsg-6+deb7u12_amd64.deb Files: 144ef48116fcaf60b920412a1658994b 2141 misc optional qemu-kvm_1.1.2+dfsg-6+deb7u12.dsc 6c1789caffb3fad07ae93d02dd7415dc 116561 misc optional qemu-kvm_1.1.2+dfsg-6+deb7u12.debian.tar.gz 34cce6c5bed1c1658e71e2618a42547b 1681396 misc optional qemu-kvm_1.1.2+dfsg-6+deb7u12_amd64.deb 4392245f14166fdae50dbfbaa5fb02ce 5274642 debug extra qemu-kvm-dbg_1.1.2+dfsg-6+deb7u12_amd64.deb 221a8847104fb9f9cea071330a79fbae 25186 oldlibs extra kvm_1.1.2+dfsg-6+deb7u12_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWr8h6AAoJEL7lnXSkw9fbLt0H/2vgCcpm3suUaUsdZJZhifl/ fbgzYO25aFZ9yEdnz+/MLpXmXS4IvrD8gy4D+7a6HvoN6B8TLOgdGdpdvmlMXcDB +/buijAtLHWQVl7F/lugVXUHMpPB8Yas7NTvH33Q1j/YNeznc1U70fTZKCz6oLYd YfaRI0tEaPpnK9gG4LJfQotpzoKhYNtJrrcif3svKlOhGYHwrYVHdM1N64f1taph IkK4bpwwp5P3AWLeDzJF9ifpb635gwUr5G+yojnZggj/IZuIJS4Ibw/nMUrGbMT5 mgn24j1d7SMv/jbVpXCdtljtDfjU25zJBFY9Lna6D31yqzRHe7yd5ukoEct6u9A= =56BX -----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Thu, 10 Mar 2016 07:28:30 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.