Debian Bug report logs - #799452
qemu: CVE-2015-7295: net: virtio-net possible remote DoS
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 19 Sep 2015 10:24:02 UTC
Severity: important
Tags: patch, security, upstream
Found in versions qemu/1.1.2+dfsg-6a, qemu/1.1.2+dfsg-6a+deb7u9
Fixed in version qemu/1:2.4+dfsg-4
Done: Michael Tokarev <mjt@tls.msk.ru>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>: Bug#799452; Package src:qemu. (Sat, 19 Sep 2015 10:24:06 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Sat, 19 Sep 2015 10:24:06 GMT)
Message #5 received at submit@bugs.debian.org:
Source: qemu
Version: 1.1.2+dfsg-6a+deb7u9
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for qemu.
CVE-2015-7295[0]:
net: virtio-net possible remote DoS
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-7295
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1264381
Regards,
Salvatore
Marked as found in versions qemu/1.1.2+dfsg-6a. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 19 Sep 2015 10:33:04 GMT)
Changed Bug title to 'qemu: CVE-2015-7295: net: virtio-net possible remote DoS' from 'qemu: CVE-2015--7295: net: virtio-net possible remote DoS'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 19 Sep 2015 10:33:07 GMT)
Added tag(s) pending. Request was from <mjt@tls.msk.ru> to control@bugs.debian.org. (Fri, 02 Oct 2015 17:33:04 GMT)
Reply sent to Michael Tokarev <mjt@tls.msk.ru>: You have taken responsibility. (Thu, 08 Oct 2015 17:36:07 GMT)
Notification sent to Salvatore Bonaccorso <carnil@debian.org>: Bug acknowledged by developer. (Thu, 08 Oct 2015 17:36:07 GMT)
Message #16 received at 799452-close@bugs.debian.org:
Source: qemu
Source-Version: 1:2.4+dfsg-4
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 799452@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Thu, 08 Oct 2015 20:30:03 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm libcacard0 libcacard-dev libcacard-tools
Architecture: source
Version: 1:2.4+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
libcacard-dev - Virtual Common Access Card (CAC) Emulator (development files)
libcacard-tools - Virtual Common Access Card (CAC) Emulator (tools)
libcacard0 - Virtual Common Access Card (CAC) Emulator (runtime library)
qemu - fast processor emulator
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 797608 799452
Changes:
qemu (1:2.4+dfsg-4) unstable; urgency=medium
.
* applied 3 patches from upstream to fix virtio-net
possible remote DoS (Closes: #799452 CVE-2015-7295)
* remove now-unused /etc/qemu too (Closes: #797608)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 11 Nov 2015 07:29:47 GMT)
Last modified: Wed Jun 19 18:14:26 2019