qemu: CVE-2016-1568: ide: ahci use-after-free vulnerability in aio port commands

Debian Bug report logs - #810527

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 9 Jan 2016 14:51:01 UTC

Severity: important

Tags: patch, security, upstream

Found in version qemu/1.1.2+dfsg-6a

Fixed in versions qemu/1:2.5+dfsg-2, qemu/1:2.1+dfsg-12+deb8u5, qemu/1:2.1+dfsg-12+deb8u5a, qemu/1.1.2+dfsg-6a+deb7u12, qemu-kvm/1.1.2+dfsg-6+deb7u12

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#810527; Package src:qemu. (Sat, 09 Jan 2016 14:51:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Sat, 09 Jan 2016 14:51:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: qemu: CVE-2016-1568: ide: ahci use-after-free vulnerability in aio port commands
Date: Sat, 09 Jan 2016 15:47:37 +0100
Source: qemu
Version: 1.1.2+dfsg-6a
Severity: important
Tags: security patch upstream

Hi,

the following vulnerability was published for qemu.

CVE-2016-1568[0]:
ide: ahci use-after-free vulnerability in aio port commands

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-1568
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1288532

Please adjust the affected versions in the BTS as needed; actually
could you please double check if I'm right with having CVE-2016-1568
affecting qemu back to the version in wheezy.

Regards,
Salvatore



Added tag(s) pending. Request was from <mjt@tls.msk.ru> to control@bugs.debian.org. (Sat, 09 Jan 2016 18:30:29 GMT).


Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Sat, 09 Jan 2016 18:51:40 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 09 Jan 2016 18:51:40 GMT).


Message #12 received at 810527-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 810527-close@bugs.debian.org
Subject: Bug#810527: fixed in qemu 1:2.5+dfsg-2
Date: Sat, 09 Jan 2016 18:49:53 +0000
Source: qemu
Source-Version: 1:2.5+dfsg-2

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 810527@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 09 Jan 2016 21:40:43 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.5+dfsg-2
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 808144 808357 809229 810205 810519 810527
Changes:
 qemu (1:2.5+dfsg-2) unstable; urgency=high
 .
   * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch
     (Closes: #808144, CVE-2015-8558)
   * virtio-9p-use-accessor-to-get-thread_pool.patch (Closes: #808357)
   * two upstream patches from xsa-155 fixing unsafe shared memory access in xen
     (Closes: #809229, CVE-2015-8550)
   * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch
     (Closes: #810519, CVE-2015-8743)
   * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch
     (Closes: #810527, CVE-2016-1568)
   * changed build-depends from libpng12-dev to libpng-dev (Closes: #810205)




Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Wed, 10 Feb 2016 22:23:33 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 10 Feb 2016 22:23:33 GMT).


Message #17 received at 810527-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 810527-close@bugs.debian.org
Subject: Bug#810527: fixed in qemu 1:2.1+dfsg-12+deb8u5
Date: Wed, 10 Feb 2016 22:17:13 +0000
Source: qemu
Source-Version: 1:2.1+dfsg-12+deb8u5

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 810527@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 01 Feb 2016 23:32:49 +0300
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.1+dfsg-12+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 799452 806373 806741 806742 808130 808131 808144 808145 809229 809232 810519 810527 811201
Changes:
 qemu (1:2.1+dfsg-12+deb8u5) jessie-security; urgency=high
 .
   * applied 3 patches from upstream to fix virtio-net
     possible remote DoS (Closes: #799452 CVE-2015-7295)
   * pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch
     (Closes: #806742, CVE-2015-7504)
   * pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch
     (Closes: #806741, CVE-2015-7512)
   * msix-implement-pba-write-but-read-only-CVE-2015-7549.patch
     (Closes: #808131, CVE-2015-7549)
   * eepro100-prevent-two-endless-loops-CVE-2015-8345.patch
     (Closes: #806373, CVE-2015-8345)
   * vnc-avoid-floating-point-exception-CVE-2015-8504.patch
     (Closes: #808130, CVE-2015-8504)
   * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch
     (Closes: #808144, CVE-2015-8558)
   * two upstream patches from xsa-155 fixing unsafe shared memory access in xen
     (Closes: #809229, CVE-2015-8550)
   * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch
     (Closes: #810519, CVE-2015-8743)
   * net-vmxnet3-avoid-memory-leakage-in-activate_device-[...].patch
     (Closes: #808145, CVE-2015-8567, CVE-2015-8568)
   * scsi-initialise-info-object-with-appropriate-size-CVE-2015-8613.patch
     (Closes: #809232, CVE-2015-8613)
   * vmxnet3-refine-l2-header-validation-CVE-2015-8744.patch
     (Closes: CVE-2015-8744)
   * vmxnet3-support-reading-IMR-registers-on-bar0-CVE-2015-8745.patch
     (Closes: CVE-2015-8745)
   * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch
     (Closes: #810527, CVE-2016-1568)
   * fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch
     (Closes: CVE-2016-1714)
   * i386-avoid-null-pointer-dereference-CVE-2016-1922.patch
     (Closes: #811201, CVE-2016-1922)




Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Wed, 10 Feb 2016 22:23:36 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 10 Feb 2016 22:23:36 GMT).


Message #22 received at 810527-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 810527-close@bugs.debian.org
Subject: Bug#810527: fixed in qemu 1:2.1+dfsg-12+deb8u5a
Date: Wed, 10 Feb 2016 22:17:50 +0000
Source: qemu
Source-Version: 1:2.1+dfsg-12+deb8u5a

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 810527@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 08 Feb 2016 10:33:30 +0300
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.1+dfsg-12+deb8u5a
Distribution: jessie-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 799452 806373 806741 806742 808130 808131 808144 808145 809229 809232 809237 810519 810527 811201 812307
Changes:
 qemu (1:2.1+dfsg-12+deb8u5a) jessie-security; urgency=high
 .
   * applied 3 patches from upstream to fix virtio-net
     possible remote DoS (Closes: #799452 CVE-2015-7295)
   * pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch
     (Closes: #806742, CVE-2015-7504)
   * pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch
     (Closes: #806741, CVE-2015-7512)
   * msix-implement-pba-write-but-read-only-CVE-2015-7549.patch
     (Closes: #808131, CVE-2015-7549)
   * eepro100-prevent-two-endless-loops-CVE-2015-8345.patch
     (Closes: #806373, CVE-2015-8345)
   * vnc-avoid-floating-point-exception-CVE-2015-8504.patch
     (Closes: #808130, CVE-2015-8504)
   * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch
     (Closes: #808144, CVE-2015-8558)
   * two upstream patches from xsa-155 fixing unsafe shared memory access in xen
     (Closes: #809229, CVE-2015-8550)
   * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch
     (Closes: #810519, CVE-2015-8743)
   * net-vmxnet3-avoid-memory-leakage-in-activate_device-[...].patch
     (Closes: #808145, CVE-2015-8567, CVE-2015-8568)
   * scsi-initialise-info-object-with-appropriate-size-CVE-2015-8613.patch
     (Closes: #809232, CVE-2015-8613)
   * vmxnet3-refine-l2-header-validation-CVE-2015-8744.patch
     (Closes: CVE-2015-8744)
   * vmxnet3-support-reading-IMR-registers-on-bar0-CVE-2015-8745.patch
     (Closes: CVE-2015-8745)
   * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch
     (Closes: #810527, CVE-2016-1568)
   * fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch
     (Closes: CVE-2016-1714)
   * i386-avoid-null-pointer-dereference-CVE-2016-1922.patch
     (Closes: #811201, CVE-2016-1922)
   * e1000-eliminate-infinite-loops-on-out-of-bounds-start-CVE-2016-1981.patch
     (Closes: #812307, CVE-2016-1981)
   * hmp-fix-sendkey-out-of-bounds-write-CVE-2015-8619.patch
     (Closes: #809237, CVE-2015-8619)




Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Wed, 10 Feb 2016 22:23:40 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 10 Feb 2016 22:23:40 GMT).


Message #27 received at 810527-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 810527-close@bugs.debian.org
Subject: Bug#810527: fixed in qemu 1.1.2+dfsg-6a+deb7u12
Date: Wed, 10 Feb 2016 22:19:42 +0000
Source: qemu
Source-Version: 1.1.2+dfsg-6a+deb7u12

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 810527@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 01 Feb 2016 23:53:18 +0300
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils
Architecture: source all amd64
Version: 1.1.2+dfsg-6a+deb7u12
Distribution: wheezy-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description: 
 qemu       - fast processor emulator
 qemu-keymaps - QEMU keyboard maps
 qemu-system - QEMU full system emulation binaries
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 799452 806373 806741 806742 808130 808144 810519 810527 811201
Changes: 
 qemu (1.1.2+dfsg-6a+deb7u12) wheezy-security; urgency=high
 .
   * applied 3 patches from upstream to fix virtio-net
     possible remote DoS (Closes: #799452 CVE-2015-7295)
   * pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch
     (Closes: #806742, CVE-2015-7504)
   * pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch
     (Closes: #806741, CVE-2015-7512)
   * eepro100-prevent-two-endless-loops-CVE-2015-8345.patch
     (Closes: #806373, CVE-2015-8345)
   * vnc-avoid-floating-point-exception-CVE-2015-8504.patch
     (Closes: #808130, CVE-2015-8504)
   * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch
     (Closes: #808144, CVE-2015-8558)
   * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch
     (Closes: #810519, CVE-2015-8743)
   * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch
     (Closes: #810527, CVE-2016-1568)
   * fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch
     (Closes: CVE-2016-1714)
   * i386-avoid-null-pointer-dereference-CVE-2016-1922.patch
     (Closes: #811201, CVE-2016-1922)




Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Wed, 10 Feb 2016 22:23:43 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 10 Feb 2016 22:23:43 GMT).


Message #32 received at 810527-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 810527-close@bugs.debian.org
Subject: Bug#810527: fixed in qemu-kvm 1.1.2+dfsg-6+deb7u12
Date: Wed, 10 Feb 2016 22:20:21 +0000
Source: qemu-kvm
Source-Version: 1.1.2+dfsg-6+deb7u12

We believe that the bug you reported is fixed in the latest version of
qemu-kvm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 810527@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu-kvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 01 Feb 2016 23:53:18 +0300
Source: qemu-kvm
Binary: qemu-kvm qemu-kvm-dbg kvm
Architecture: source amd64
Version: 1.1.2+dfsg-6+deb7u12
Distribution: wheezy-security
Urgency: high
Maintainer: Michael Tokarev <mjt@tls.msk.ru>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description: 
 kvm        - dummy transitional package from kvm to qemu-kvm
 qemu-kvm   - Full virtualization on x86 hardware
 qemu-kvm-dbg - Debugging info for qemu-kvm
Closes: 799452 806373 806741 806742 808130 808144 810519 810527 811201
Changes: 
 qemu-kvm (1.1.2+dfsg-6+deb7u12) wheezy-security; urgency=high
 .
   * applied 3 patches from upstream to fix virtio-net
     possible remote DoS (Closes: #799452 CVE-2015-7295)
   * pcnet-add-check-to-validate-receive-data-size-CVE-2015-7504.patch
     (Closes: #806742, CVE-2015-7504)
   * pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch
     (Closes: #806741, CVE-2015-7512)
   * eepro100-prevent-two-endless-loops-CVE-2015-8345.patch
     (Closes: #806373, CVE-2015-8345)
   * vnc-avoid-floating-point-exception-CVE-2015-8504.patch
     (Closes: #808130, CVE-2015-8504)
   * ehci-make-idt-processing-more-robust-CVE-2015-8558.patch
     (Closes: #808144, CVE-2015-8558)
   * net-ne2000-fix-bounds-check-in-ioport-operations-CVE-2015-8743.patch
     (Closes: #810519, CVE-2015-8743)
   * ide-ahci-reset-ncq-object-to-unused-on-error-CVE-2016-1568.patch
     (Closes: #810527, CVE-2016-1568)
   * fw_cfg-add-check-to-validate-current-entry-value-CVE-2016-1714.patch
     (Closes: CVE-2016-1714)
   * i386-avoid-null-pointer-dereference-CVE-2016-1922.patch
     (Closes: #811201, CVE-2016-1922)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 10 Mar 2016 07:30:16 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:53:38 2019; Machine Name: buxtehude
