Debian Bug report logs -
#883625
qemu: CVE-2017-17381: virtio: divide by zero exception while updating rings
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#883625; Package src:qemu.
(Tue, 05 Dec 2017 21:15:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>.
(Tue, 05 Dec 2017 21:15:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: qemu
Version: 1:2.10.0+dfsg-1
Severity: normal
Tags: patch security upstream
Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html
Hi,
the following vulnerability was published for qemu.
CVE-2017-17381[0]:
virtio: divide by zero exception while updating rings
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-17381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17381
[1] https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1520782
[3] https://bugzilla.novell.com/show_bug.cgi?id=1071228
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Reply sent
to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility.
(Thu, 11 Jan 2018 13:39:18 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Thu, 11 Jan 2018 13:39:18 GMT) (full text, mbox, link).
Message #10 received at 883625-close@bugs.debian.org (full text, mbox, reply):
Source: qemu
Source-Version: 1:2.11+dfsg-1
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 883625@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 11 Jan 2018 14:42:12 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.11+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
qemu - fast processor emulator
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 880485 880832 880836 883399 883406 883625
Changes:
qemu (1:2.11+dfsg-1) unstable; urgency=medium
.
[ Michael Tokarev ]
* update to new upstream (2.11) release
Closes: #883625, CVE-2017-17381
Closes: #880832, CVE-2017-15289
Closes: #880836, CVE-2017-15268
Closes: #883399, CVE-2017-15119
Closes: #883406, CVE-2017-15118
* update to new upstream, remove old patches, refresh debian patches
* disable sdl audio driver (pulse or oss should work fine)
* do not build-depend on libx11-dev (libsdl2-dev already depends on it)
* move libpulse-dev build-dep to a better place
* clean up d/control from various old conflicts/replaces/provides
* remove --with-system-pixman, not used anymore
* remove ubuntu-specific qemu-system-aarch64 transitional package (trusty)
* remove ubuntu-specific mentions of old qemu-kvm-spice package (precise)
* remove old comment about /etc/kvm from qemu-kvm description
* add Suggests: openbios-sparc for qemu-system-sparc on ubuntu
(similar to what is done for qemu-system-ppc)
* update get-orig-source.sh with new blobs/submodules
* update debian/watch a bit
.
[ Aurelien Jarno ]
* debian/control-in: build qemu-system and qemu-user on mips64 and
mips64el. Closes: #880485.
.
[ Christian Ehrhardt ]
* ppc64[le]: provide symlink matching arch name
* d/control-in: Enable seccomp for ppc64el,
this bumps minimum libseccomp version
Checksums-Sha1:
08b1d64564db52d36dc2ed764f638a06e08f9b58 5688 qemu_2.11+dfsg-1.dsc
59741190a78e24b21d23249072f975249f94a304 7602724 qemu_2.11+dfsg.orig.tar.xz
8597fefb57e535541aeca67b63fa367e46d6ec4a 70824 qemu_2.11+dfsg-1.debian.tar.xz
19c218078d53e69c84a19d3b9e1e19a49d0975c4 12267 qemu_2.11+dfsg-1_source.buildinfo
Checksums-Sha256:
7976483cfc4adc0c16f24b48624d1cefab71fea5dded999e1c57c7230865a958 5688 qemu_2.11+dfsg-1.dsc
fbfeaafe9539031783d74fbd9e0c6cd85c107adb10442860a1bec07df47ad1c8 7602724 qemu_2.11+dfsg.orig.tar.xz
d0f1afba49d8c8db55138ac91f3f242830f1a6c38736c1b4357d69716b981459 70824 qemu_2.11+dfsg-1.debian.tar.xz
7af11fa029d0999d54e526aaf4c13335b8c9f4bf7fddac4e9c166417b21f93c3 12267 qemu_2.11+dfsg-1_source.buildinfo
Files:
4101ad36104cef2cd181520e8eeb783c 5688 otherosfs optional qemu_2.11+dfsg-1.dsc
d5bbd9b22e088ade00bca3e10194b0aa 7602724 otherosfs optional qemu_2.11+dfsg.orig.tar.xz
febc602ebe61da8e13a62c75e02e21d4 70824 otherosfs optional qemu_2.11+dfsg-1.debian.tar.xz
b9b08928cff46c74405bcb0f478b767a 12267 otherosfs optional qemu_2.11+dfsg-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAlpXYmgPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5ZGAsIALjGcEiGkb0OW4iVJa7UcTax7LSVDdSTEhLp
2B3r/RqQtlAqVJ9yN2rcCUlJ5R3IzULLgjC2vbgVzepcNWyZYNPtalWofdaaMdp5
H0HG2us2Xi9SbvENVQStV67cMNZ91KpaZSqfu9sXo8OChf8InMMuN95Rsv7pMEzV
nAiMfTDV6MBta2u3pmfnX5e3leb4aVYGtVZXiWU6jwduMW7KmQOeMa2UmH8dFSg0
VhalfxJAcumh8mbvF5tZ8y+UDEAFUrcQHr3ZR6C0dCymTTWgSNpUDVOi8ZzbYMFf
vk6CeHbCO2UDL4pJ6jjxsaPL6BV+axngiFJjV5g8W/MlLUddPnA=
=ygi6
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 13 Feb 2018 07:27:18 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:29:58 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon