qemu: CVE-2015-5278: Infinite loop in ne2000_receive() function

Related Vulnerabilities: CVE-2015-5278, CVE-2015-5279

Debian Bug report logs - #799073

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 15 Sep 2015 16:03:02 UTC

Severity: important

Tags: patch, security, upstream

Found in version qemu/1.1.2+dfsg-6a

Fixed in versions qemu/1:2.4+dfsg-3, qemu/1:2.1+dfsg-12+deb8u4, qemu/1.1.2+dfsg-6a+deb7u11, qemu-kvm/1.1.2+dfsg-6+deb7u11

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#799073; Package src:qemu. (Tue, 15 Sep 2015 16:03:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Tue, 15 Sep 2015 16:03:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: qemu: CVE-2015-5278: Infinite loop in ne2000_receive() function
Date: Tue, 15 Sep 2015 17:59:11 +0200
Source: qemu
Version: 1.1.2+dfsg-6a
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for qemu.

CVE-2015-5278[0]:
net: avoid infinite loop when receiving packets

> Qemu emulator built with the NE2000 NIC emulation support is
> vulnerable to an infinite loop issue. It could occur when receiving
> packets over the network.
> 
> A privileged user inside guest could use this flaw to crash the Qemu
> instance resulting in DoS.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-5278
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1256661
[2] https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html

Regards,
Salvatore



Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Tue, 15 Sep 2015 16:51:10 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 15 Sep 2015 16:51:11 GMT).


Message #10 received at 799073-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 799073-close@bugs.debian.org
Subject: Bug#799073: fixed in qemu 1:2.4+dfsg-3
Date: Tue, 15 Sep 2015 16:50:25 +0000
Source: qemu
Source-Version: 1:2.4+dfsg-3

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 799073@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 15 Sep 2015 19:30:18 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm libcacard0 libcacard-dev libcacard-tools
Architecture: source
Version: 1:2.4+dfsg-3
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 libcacard-dev - Virtual Common Access Card (CAC) Emulator (development files)
 libcacard-tools - Virtual Common Access Card (CAC) Emulator (tools)
 libcacard0 - Virtual Common Access Card (CAC) Emulator (runtime library)
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 784605 799073 799074
Changes:
 qemu (1:2.4+dfsg-3) unstable; urgency=high
 .
   * ne2000-add-checks-to-validate-ring-buffer-pointers-CVE-2015-5279.patch
     fix for Heap overflow vulnerability in ne2000_receive() function
     (Closes: #799074 CVE-2015-5279)
   * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
     (Closes: #799073 CVE-2015-5278)
   * some binfmt reorg:
    - extend aarch64 to include one more byte as other arches do
    - set OSABI mask to 0xfc for i386, ppc*, s390x, sparc*, to recognize
      OSABI=3 (GNU/Linux) in addition to NONE/SysV
      (Closes: #784605 #794737)
    - tighten sh4 & sh4eb, fixing OSABI mask to be \xfc not 0




Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Tue, 22 Sep 2015 21:27:21 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 22 Sep 2015 21:27:21 GMT).


Message #15 received at 799073-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 799073-close@bugs.debian.org
Subject: Bug#799073: fixed in qemu 1:2.1+dfsg-12+deb8u4
Date: Tue, 22 Sep 2015 21:23:32 +0000
Source: qemu
Source-Version: 1:2.1+dfsg-12+deb8u4

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 799073@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 15 Sep 2015 19:36:48 +0300
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.1+dfsg-12+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 799073 799074
Changes:
 qemu (1:2.1+dfsg-12+deb8u4) jessie-security; urgency=high
 .
   * ne2000-add-checks-to-validate-ring-buffer-pointers-CVE-2015-5279.patch
     fix for Heap overflow vulnerability in ne2000_receive() function
     (Closes: #799074 CVE-2015-5279)
   * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
     (Closes: #799073 CVE-2015-5278)




Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Tue, 22 Sep 2015 21:33:15 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 22 Sep 2015 21:33:15 GMT).


Message #20 received at 799073-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 799073-close@bugs.debian.org
Subject: Bug#799073: fixed in qemu 1.1.2+dfsg-6a+deb7u11
Date: Tue, 22 Sep 2015 21:30:11 +0000
Source: qemu
Source-Version: 1.1.2+dfsg-6a+deb7u11

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 799073@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 15 Sep 2015 19:39:22 +0300
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils
Architecture: source all amd64
Version: 1.1.2+dfsg-6a+deb7u11
Distribution: wheezy-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description: 
 qemu       - fast processor emulator
 qemu-keymaps - QEMU keyboard maps
 qemu-system - QEMU full system emulation binaries
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 799073 799074
Changes: 
 qemu (1.1.2+dfsg-6a+deb7u11) wheezy-security; urgency=high
 .
   * ne2000-add-checks-to-validate-ring-buffer-pointers-CVE-2015-5279.patch
     fix for Heap overflow vulnerability in ne2000_receive() function
     (Closes: #799074 CVE-2015-5279)
   * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
     (Closes: #799073 CVE-2015-5278)




Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Tue, 22 Sep 2015 21:33:18 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 22 Sep 2015 21:33:18 GMT).


Message #25 received at 799073-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 799073-close@bugs.debian.org
Subject: Bug#799073: fixed in qemu-kvm 1.1.2+dfsg-6+deb7u11
Date: Tue, 22 Sep 2015 21:31:02 +0000
Source: qemu-kvm
Source-Version: 1.1.2+dfsg-6+deb7u11

We believe that the bug you reported is fixed in the latest version of
qemu-kvm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 799073@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu-kvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 15 Sep 2015 19:39:22 +0300
Source: qemu-kvm
Binary: qemu-kvm qemu-kvm-dbg kvm
Architecture: source amd64
Version: 1.1.2+dfsg-6+deb7u11
Distribution: wheezy-security
Urgency: high
Maintainer: Michael Tokarev <mjt@tls.msk.ru>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description: 
 kvm        - dummy transitional package from kvm to qemu-kvm
 qemu-kvm   - Full virtualization on x86 hardware
 qemu-kvm-dbg - Debugging info for qemu-kvm
Closes: 799073 799074
Changes: 
 qemu-kvm (1.1.2+dfsg-6+deb7u11) wheezy-security; urgency=high
 .
   * ne2000-add-checks-to-validate-ring-buffer-pointers-CVE-2015-5279.patch
     fix for Heap overflow vulnerability in ne2000_receive() function
     (Closes: #799074 CVE-2015-5279)
   * ne2000-avoid-infinite-loop-when-receiving-packets-CVE-2015-5278.patch
     (Closes: #799073 CVE-2015-5278)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 11 Nov 2015 07:31:58 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:06:50 2019; Machine Name: buxtehude
