qemu: CVE-2019-3812

Related Vulnerabilities: CVE-2019-3812  

Debian Bug report logs - #922635
qemu: CVE-2019-3812

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 18 Feb 2019 17:12:01 UTC

Severity: important

Tags: security, upstream

Found in versions qemu/1:3.1+dfsg-2, qemu/1:3.1+dfsg-4

Fixed in version qemu/1:3.1+dfsg-5

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#922635; Package src:qemu. (Mon, 18 Feb 2019 17:12:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Mon, 18 Feb 2019 17:12:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: qemu: CVE-2019-3812
Date: Mon, 18 Feb 2019 18:10:16 +0100
Source: qemu
Version: 1:3.1+dfsg-4
Severity: important
Tags: security upstream
Control: found -1 1:3.1+dfsg-2

Hi,

The following vulnerability was published for qemu.

CVE-2019-3812[0]:
Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-3812
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3812
[1] https://git.qemu.org/?p=qemu.git;a=commit;h=b05b267840515730dbf6753495d5b7bd8b04ad1c

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Marked as found in versions qemu/1:3.1+dfsg-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Mon, 18 Feb 2019 17:12:04 GMT)


Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Mon, 11 Mar 2019 12:09:07 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 11 Mar 2019 12:09:07 GMT)


Message #12 received at 922635-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 922635-close@bugs.debian.org
Subject: Bug#922635: fixed in qemu 1:3.1+dfsg-5
Date: Mon, 11 Mar 2019 12:07:56 +0000
Source: qemu
Source-Version: 1:3.1+dfsg-5

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 922635@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 11 Mar 2019 14:30:44 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-data qemu-system-common qemu-system-gui qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:3.1+dfsg-5
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator, dummy package
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-data - QEMU full system emulation (data files)
 qemu-system-gui - QEMU full system emulation binaries (user interface and audio sup
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 922635
Changes:
 qemu (1:3.1+dfsg-5) unstable; urgency=high
 .
   * i2c-ddc-fix-oob-read-CVE-2019-3812.patch fixes
     OOB read in hw/i2c/i2c-ddc.c which allows for memory disclosure.
     Closes: #922635, CVE-2019-3812





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 04 May 2019 07:27:42 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:15:44 2019; Machine Name: buxtehude
