CVE-2014-8106: cirrus: insufficient blit region checks

Related Vulnerabilities: CVE-2014-8106  

Debian Bug report logs - #772025
CVE-2014-8106: cirrus: insufficient blit region checks


Reported by: Michael Tokarev <mjt@tls.msk.ru>

Date: Thu, 4 Dec 2014 13:33:07 UTC

Severity: critical

Tags: fixed-upstream, patch, security, upstream

Found in version 1.1.2+dfsg-1

Fixed in versions 1.1.2+dfsg-6a+deb7u6, qemu/2.1+dfsg-9

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#772025; Package qemu-system, qemu-kvm. (Thu, 04 Dec 2014 13:33:11 GMT).


Acknowledgement sent to Michael Tokarev <mjt@tls.msk.ru>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Thu, 04 Dec 2014 13:33:11 GMT).


Message #5 received at submit@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2014-8106: cirrus: insufficient blit region checks
Date: Thu, 04 Dec 2014 16:31:40 +0400
Package: qemu-system, qemu-kvm
Version: 1.1.2+dfsg-1
Severity: critical
Tags: security patch upstream fixed-upstream

There's a CVE-2014-8106 reported against qemu.
The problem exists in earlier versions of qemu too,
affecting the stable (wheezy) release as well.

/mjt



Added tag(s) pending. Request was from <mjt@tls.msk.ru> to control@bugs.debian.org. (Thu, 04 Dec 2014 13:51:14 GMT).


Marked as fixed in versions 1.1.2+dfsg-6a+deb7u6. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 04 Dec 2014 13:51:18 GMT).


Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Thu, 04 Dec 2014 15:24:14 GMT).


Notification sent to Michael Tokarev <mjt@tls.msk.ru>:
Bug acknowledged by developer. (Thu, 04 Dec 2014 15:24:14 GMT).


Message #14 received at 772025-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 772025-close@bugs.debian.org
Subject: Bug#772025: fixed in qemu 2.1+dfsg-9
Date: Thu, 04 Dec 2014 15:22:21 +0000
Source: qemu
Source-Version: 2.1+dfsg-9

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 772025@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 04 Dec 2014 00:10:43 +0300
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 2.1+dfsg-9
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 772025
Changes:
 qemu (2.1+dfsg-9) unstable; urgency=high
 .
   * apply upstream patches for CVE-2014-8106
     (cirrus: insufficient blit region checks)
     (Closes: #772025 CVE-2014-8106)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 02 Jan 2015 07:27:57 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:50:39 2019; Machine Name: buxtehude
