Debian Bug report logs -
#762532
CVE-2014-3640: qemu: slirp: NULL pointer deref in sosendto()
Reported by: Henri Salo <henri@nerv.fi>
Date: Tue, 23 Sep 2014 06:57:12 UTC
Severity: important
Tags: confirmed, fixed-upstream, security, upstream
Found in version qemu/2.1+dfsg-4
Fixed in versions qemu/2.1+dfsg-5, qemu/1.1.2+dfsg-6a+deb7u4, qemu-kvm/1.1.2+dfsg-6+deb7u4
Done: Michael Tokarev <mjt@tls.msk.ru>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#762532; Package qemu.
(Tue, 23 Sep 2014 06:57:17 GMT) (full text, mbox, link).
Acknowledgement sent
to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>.
(Tue, 23 Sep 2014 06:57:17 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package: qemu
Version: 2.1+dfsg-4
Severity: important
Tags: security, fixed-upstream
Hi,
When guest sends udp packet with source port and source addr 0,
uninitialized socket is picked up when looking for matching and already
created udp sockets, and later passed to sosendto() where NULL pointer
dereference is hit during so->slirp->vnetwork_mask.s_addr access.
Fix this by checking that the socket is not just a socket stub.
Please see this discussion for more information:
http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
- ---
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQhGTkACgkQXf6hBi6kbk/46gCfbwwiaD3Zdfbo5z57NihRYfvJ
J34An0KG/kIRMQlB9CYUgcwM9net67oc
=7klY
-----END PGP SIGNATURE-----
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 23 Sep 2014 07:09:16 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#762532; Package qemu.
(Tue, 23 Sep 2014 16:27:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Tokarev <mjt@tls.msk.ru>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>.
(Tue, 23 Sep 2014 16:27:06 GMT) (full text, mbox, link).
Message #12 received at 762532@bugs.debian.org (full text, mbox, reply):
Control: tag -1 + confirmed pending
23.09.2014 10:54, Henri Salo wrote:
> When guest sends udp packet with source port and source addr 0,
> uninitialized socket is picked up when looking for matching and already
> created udp sockets, and later passed to sosendto() where NULL pointer
> dereference is hit during so->slirp->vnetwork_mask.s_addr access.
>
> Fix this by checking that the socket is not just a socket stub.
>
> Please see this discussion for more information:
> http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
Yes, that's a security fix indeed, but it is, again, of a rather low
impact. At max it will lead to qemu process crashing (so a DoS), but
the thing is that slirp (aka user-mode networking) in qemu should never
be used for anything serious because it is very slow and has many
limitations, it is a poor-man bandaind to get networking running
quick without setting up tap devices and bridges...
I'll fix this for the next upload anyway.
Thanks,
/mjt
Added tag(s) confirmed and pending.
Request was from Michael Tokarev <mjt@tls.msk.ru>
to 762532-submit@bugs.debian.org.
(Tue, 23 Sep 2014 16:27:06 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#762532; Package qemu.
(Wed, 24 Sep 2014 11:12:23 GMT) (full text, mbox, link).
Acknowledgement sent
to Henri Salo <henri@nerv.fi>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>.
(Wed, 24 Sep 2014 11:12:23 GMT) (full text, mbox, link).
Message #19 received at 762532@bugs.debian.org (full text, mbox, reply):
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Sep 23, 2014 at 08:26:03PM +0400, Michael Tokarev wrote:
> Yes, that's a security fix indeed, but it is, again, of a rather low
> impact. At max it will lead to qemu process crashing (so a DoS), but
> the thing is that slirp (aka user-mode networking) in qemu should never
> be used for anything serious because it is very slow and has many
> limitations, it is a poor-man bandaind to get networking running
> quick without setting up tap devices and bridges...
Ok. I did not know this. I'm creating issues in Debian BTS for security
vulnerabilities so that maintainers know about them. These are also added to
Debian security-tracker. In some packages maintainer is watching upstream
advisories closely, but this is not always the case.
> I'll fix this for the next upload anyway.
Thank you.
- ---
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlQippsACgkQXf6hBi6kbk/FIgCg0GtsawLjtuulS+umwUWTBsds
EEYAoIBjeSqjv9SCezL4u0vXDGTEry6c
=KPem
-----END PGP SIGNATURE-----
Reply sent
to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility.
(Fri, 26 Sep 2014 15:39:20 GMT) (full text, mbox, link).
Notification sent
to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer.
(Fri, 26 Sep 2014 15:39:20 GMT) (full text, mbox, link).
Message #24 received at 762532-close@bugs.debian.org (full text, mbox, reply):
Source: qemu
Source-Version: 2.1+dfsg-5
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 762532@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 26 Sep 2014 17:43:26 +0400
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 2.1+dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
qemu - fast processor emulator
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 761137 762532
Changes:
qemu (2.1+dfsg-5) unstable; urgency=medium
.
* upstream bugfix release v2.1.2
(Closes: #762532 CVE-2014-3640 CVE-2014-5388)
* Add x32 to the list of supported architectures
(patch by Thorsten Glaser)
* fix wrong reference in kvm.1 (Closes: #761137)
* removed patches (applied upstream):
l2tp-linux-only.patch
ide-only-constrain-read_write-requests-to-drive-size.diff
pc-reserve-more-memory-for-acpi.patch
Checksums-Sha1:
365dd866e23230d4de5999c8d8f6d666dcdc2af1 5152 qemu_2.1+dfsg-5.dsc
47050e95de38c66ca9ae7da43f287624417ec981 76652 qemu_2.1+dfsg-5.debian.tar.xz
eb0569fc1e46d23d0836870941c15a015f1b3268 119130 qemu_2.1+dfsg-5_amd64.deb
0357029576c84ddbaa78937a8860a03e227563d3 48030 qemu-system_2.1+dfsg-5_amd64.deb
b2a9fe20fcd9efa126014b0217b3af07716bfd80 278046 qemu-system-common_2.1+dfsg-5_amd64.deb
500fc776f26eb33ec676ebc95238cf7f93b46ef9 5169100 qemu-system-misc_2.1+dfsg-5_amd64.deb
2c380234d4075750beac3147cc56cc474faec12c 2226180 qemu-system-arm_2.1+dfsg-5_amd64.deb
12c5ee98a64ddceb8af829ef1771e45588d368d5 2546898 qemu-system-mips_2.1+dfsg-5_amd64.deb
570507d41cba98d0b1855029d4f124de67fd2c4c 2817104 qemu-system-ppc_2.1+dfsg-5_amd64.deb
1f946d77382395a9391fbc4f0aa268bc9c4ba3e8 1661424 qemu-system-sparc_2.1+dfsg-5_amd64.deb
7a15df1ad68a4291f802b9de9797cd48452db3e8 2036530 qemu-system-x86_2.1+dfsg-5_amd64.deb
d5a6edd8e00f60a925b7f44dc6faa79e3fe3ee23 4879628 qemu-user_2.1+dfsg-5_amd64.deb
2e90fac99ad4545840a6a762f96b7f9c73448c6c 6940596 qemu-user-static_2.1+dfsg-5_amd64.deb
277cd81b2901a05b2596991d51ca59e0735d1a0c 2656 qemu-user-binfmt_2.1+dfsg-5_amd64.deb
07064c09bd0fe21cc0d0f5923ab906bf31c78b0a 477884 qemu-utils_2.1+dfsg-5_amd64.deb
60eef23dd81256d92d00be8f59ec264263ea51c8 133002 qemu-guest-agent_2.1+dfsg-5_amd64.deb
1d27f6d20c586bbb9cdfb1bed637373d1bcaba18 49052 qemu-kvm_2.1+dfsg-5_amd64.deb
Checksums-Sha256:
590575479aa04c000e1e1ff530fec51b9e23854117396eac0a59ce6213b52657 5152 qemu_2.1+dfsg-5.dsc
f01f123249af855c8d1b40af98db49e39e4ec488ed443b77ef8951445b116d39 76652 qemu_2.1+dfsg-5.debian.tar.xz
45fb1bdd723d61171daaa658fa7d1c24f1cfa5ee4defe36d67f050a894d8c2ac 119130 qemu_2.1+dfsg-5_amd64.deb
d8929fb5b999ff326c96d94ffe85910d60a104f24cba125f91d671ee9062eb2f 48030 qemu-system_2.1+dfsg-5_amd64.deb
1bf55aff18a2dfbbc9b495548fee65fcb65cc18aea7eae60eb54350d92d2f795 278046 qemu-system-common_2.1+dfsg-5_amd64.deb
64d3b6008993d3de10947263b145e7a8f69d9cc5e79231400716d86155866e88 5169100 qemu-system-misc_2.1+dfsg-5_amd64.deb
c1d6bbdd6aa5bdd8c35c724dc1ef8e23ea84c18a870a5a82f0e7c8074c1bcfdf 2226180 qemu-system-arm_2.1+dfsg-5_amd64.deb
75e2b964de6c068380311697a4a1a845fe825985a6095ab618f5aa0ded104c80 2546898 qemu-system-mips_2.1+dfsg-5_amd64.deb
75b1d5d302a52ddc1eb82e24d33bd6543f050abe22fe41e8271e6e1fa5e82887 2817104 qemu-system-ppc_2.1+dfsg-5_amd64.deb
68ddc2fe84daea566194c0cf92c07fb0c7308b5fa33516f4a0a32b5812eed40e 1661424 qemu-system-sparc_2.1+dfsg-5_amd64.deb
a047e2b0d38c268396828f4a31f207aada70162f059e8c4c3a002272113c6bff 2036530 qemu-system-x86_2.1+dfsg-5_amd64.deb
2bbee2271459e146f167967cbf8d1d94ca74484275dbad3307d715664106b2dd 4879628 qemu-user_2.1+dfsg-5_amd64.deb
39316aba0b85060b66a59dcb3cd00b961bee116cbb64a81fe28b9e47f6fee5f8 6940596 qemu-user-static_2.1+dfsg-5_amd64.deb
889b770e4be91406ad85e70d26b98788a97ad98e018cd2f3b9139ab0503b5443 2656 qemu-user-binfmt_2.1+dfsg-5_amd64.deb
7ed3855b58c8c5f1edd210986ccfc0cb70511c6f9c3bdf48c319e32aa016d70f 477884 qemu-utils_2.1+dfsg-5_amd64.deb
876733fd614bc21f4e5fafda604cffe02cc648160e08e1e11f1bed4b99d7b457 133002 qemu-guest-agent_2.1+dfsg-5_amd64.deb
76c3f5766d37c39eb9a18046f7c4492054e8fd6b2ae8da756443f6040c4487e7 49052 qemu-kvm_2.1+dfsg-5_amd64.deb
Files:
d0aa2a7ebab4a94ab928c691109ea2bf 119130 otherosfs optional qemu_2.1+dfsg-5_amd64.deb
22262928959b0f9fe45f25fd7768f5bb 48030 otherosfs optional qemu-system_2.1+dfsg-5_amd64.deb
4b3748c9ddd66e67498aff49f194d8d4 278046 otherosfs optional qemu-system-common_2.1+dfsg-5_amd64.deb
bf966f245ba49604b44d0d02b2d1bcbb 5169100 otherosfs optional qemu-system-misc_2.1+dfsg-5_amd64.deb
a7900055a51acc02ce321bff07bb9eb9 2226180 otherosfs optional qemu-system-arm_2.1+dfsg-5_amd64.deb
517f4464e27d039a7a6bc6370769df73 2546898 otherosfs optional qemu-system-mips_2.1+dfsg-5_amd64.deb
e8fdf474f758de6e077aa664a306eb19 2817104 otherosfs optional qemu-system-ppc_2.1+dfsg-5_amd64.deb
f719f6e58ff1a650666c9695c1ab0331 1661424 otherosfs optional qemu-system-sparc_2.1+dfsg-5_amd64.deb
9ac80fb8d755fd1d3d27157000c16f1b 2036530 otherosfs optional qemu-system-x86_2.1+dfsg-5_amd64.deb
2d2ced85739d75a070151eaeb9ef6428 4879628 otherosfs optional qemu-user_2.1+dfsg-5_amd64.deb
6799918da189468671f27670f2b9e4f3 6940596 otherosfs optional qemu-user-static_2.1+dfsg-5_amd64.deb
e46d81c6286812191067425a724baa60 2656 otherosfs optional qemu-user-binfmt_2.1+dfsg-5_amd64.deb
e842ec2f6e6c378a75c390e961893ec9 477884 otherosfs optional qemu-utils_2.1+dfsg-5_amd64.deb
1fab6fc9e9c43d232511ea5b8f59d566 133002 otherosfs optional qemu-guest-agent_2.1+dfsg-5_amd64.deb
415c64b77ade0c019a1effb4f666294d 49052 otherosfs optional qemu-kvm_2.1+dfsg-5_amd64.deb
20ae8f164a4547e7104b954f31eca2f0 5152 otherosfs optional qemu_2.1+dfsg-5.dsc
0dd3446f03d5c56216f636412e003f19 76652 otherosfs optional qemu_2.1+dfsg-5.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJUJXFuAAoJEL7lnXSkw9fb6zcH/3pS5vuUYI3asrnZnSzGoFey
hqc/ZSgRJU5V/NJ7PB+R+GBCWeoh/ZIb54z2CkV21zqZ4EA2H8unsjJlivnGwHUP
JfkCzI5iYovVic+MGS4HXOQpREc3I3Ttc+wkbiuTT90zqypa6My/JpgWCwZGDnWb
GPpVD4zxj5xrXZJ9mqViDDtpIF8cDu1jqJdUBj/EYKuBnco88z81WKnhCDUa6HoB
LYtU1VCUjQ8SSWamAF59iWe5deAtLcQzTKunnb/VVftctKZq4ZI4273XjO883EEu
P+noyWrYtG9QMgMm5858XIrD/4x/WsGtTov+scPpijv76b7EXJcDCKJ0mYjpdXY=
=rC4m
-----END PGP SIGNATURE-----
Reply sent
to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility.
(Mon, 06 Oct 2014 05:21:10 GMT) (full text, mbox, link).
Notification sent
to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer.
(Mon, 06 Oct 2014 05:21:10 GMT) (full text, mbox, link).
Message #29 received at 762532-close@bugs.debian.org (full text, mbox, reply):
Source: qemu
Source-Version: 1.1.2+dfsg-6a+deb7u4
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 762532@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 20 May 2014 09:49:42 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils
Architecture: source all amd64
Version: 1.1.2+dfsg-6a+deb7u4
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
qemu - fast processor emulator
qemu-keymaps - QEMU keyboard maps
qemu-system - QEMU full system emulation binaries
qemu-user - QEMU user mode emulation binaries
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 742730 762532
Changes:
qemu (1.1.2+dfsg-6a+deb7u4) wheezy-security; urgency=medium
.
* image-format-validation patch series backported from 2.0, closing
CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145,
CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223
(Closes: #742730)
* slirp-udp-fix-NULL-pointer-deref-uninit-socket-CVE-2014-3640.patch
closing CVE-2014-3640 (Closes: #762532)
* spice-make-sure-we-don-t-overflow-ssd-buf-CVE-2014-3615.patch and
vbe-rework-sanity-checks-CVE-2014-3615.patch closing CVE-2014-3615
Checksums-Sha1:
75418972e5f851c7f2f2f97fd9fbbfc4cdf4f9e8 2631 qemu_1.1.2+dfsg-6a+deb7u4.dsc
1a379a34bad6c0367455c250ea41bd9562420919 99946 qemu_1.1.2+dfsg-6a+deb7u4.debian.tar.gz
29cbf6130b5eb5e300e9ea8960750ca6c3263fec 49506 qemu-keymaps_1.1.2+dfsg-6a+deb7u4_all.deb
af87e95c031013696dad6e9909e6f140140e61e6 114694 qemu_1.1.2+dfsg-6a+deb7u4_amd64.deb
797b6264037f17ee3213e2dd995325521410c7f1 27892230 qemu-system_1.1.2+dfsg-6a+deb7u4_amd64.deb
f5e886553e4fecf2b764f71753006764351df98b 7721160 qemu-user_1.1.2+dfsg-6a+deb7u4_amd64.deb
b3bf607e20ea01f40d7d5833269d7ddbb90dbc90 16547038 qemu-user-static_1.1.2+dfsg-6a+deb7u4_amd64.deb
1b719c63be490d3ca6a2731fe937f507ecbf6413 663740 qemu-utils_1.1.2+dfsg-6a+deb7u4_amd64.deb
Checksums-Sha256:
41175101b3ca819b13fd8fb43decbedc6d932243e7124d31b2242ce0234a6011 2631 qemu_1.1.2+dfsg-6a+deb7u4.dsc
9897dc09173d8b748616da8efb116e06068e93b30ef1386223bb5a2ba31a1d1e 99946 qemu_1.1.2+dfsg-6a+deb7u4.debian.tar.gz
3ebe1c3fb70b0be05f3af6b4c9aaa0f192b6b24e045873d2c86c42a01032b72d 49506 qemu-keymaps_1.1.2+dfsg-6a+deb7u4_all.deb
ed9595d97da35f54d0b67c371d70cba703b9e2f540c20d501351f45026acc8d6 114694 qemu_1.1.2+dfsg-6a+deb7u4_amd64.deb
d754fd26c6df6bcccca0232c9bb56c62ae755eb79bb03a2a140b041296e4d29c 27892230 qemu-system_1.1.2+dfsg-6a+deb7u4_amd64.deb
1c535ef6e7e57f722e14cca0c8562505736caa16285a5d59994820c1142ca381 7721160 qemu-user_1.1.2+dfsg-6a+deb7u4_amd64.deb
e6b6dd6f50285e2ff0b476cd8b1bec948de0a0dd3fe22a3e1b492f65fae6819d 16547038 qemu-user-static_1.1.2+dfsg-6a+deb7u4_amd64.deb
e77941f84c15ca67d9bf8194a7f271d91fde40d6f6312c0b8a246dd71546d8f9 663740 qemu-utils_1.1.2+dfsg-6a+deb7u4_amd64.deb
Files:
dc97eac69c5c1b2548af943b26ff565b 2631 misc optional qemu_1.1.2+dfsg-6a+deb7u4.dsc
3ae68603159e2acdd3028e082e95114d 99946 misc optional qemu_1.1.2+dfsg-6a+deb7u4.debian.tar.gz
cd00c9e61e74c476ad2fb3db6a876027 49506 misc optional qemu-keymaps_1.1.2+dfsg-6a+deb7u4_all.deb
5cac15ac270d69489de4171914919aa2 114694 misc optional qemu_1.1.2+dfsg-6a+deb7u4_amd64.deb
3c6ef9428bca03ff3d15ece8b76ed60a 27892230 misc optional qemu-system_1.1.2+dfsg-6a+deb7u4_amd64.deb
007b979afb55d76f2cb8d48a000086bb 7721160 misc optional qemu-user_1.1.2+dfsg-6a+deb7u4_amd64.deb
ad08b89ca2d2307a2592aec5e8523588 16547038 misc optional qemu-user-static_1.1.2+dfsg-6a+deb7u4_amd64.deb
7cdc10e07284df01718ad975aed806f0 663740 misc optional qemu-utils_1.1.2+dfsg-6a+deb7u4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJUL6cWAAoJEL7lnXSkw9fbAJkH/iqhawf+8hhb9HVEdHf6fWKn
w7mKDhov1u/o7X4OoK1AVfp2qcaljIX30aTREGbhPdsvZGGYUrUFXFZzp0FyqSpK
kPgh49ir3tU7wNGU0jw4XTtsdnI9HRV7nkwmxPOw6Y36KOLOUBl5xIy1JQVhpvw6
nHoHraW357bICN+IGVaLZlG/1w4LnsqqKJw5Oiia5T466tUYC288boCWXczelYdy
QcYdQ7ykqSclnIqoHzFMCV8MsnPfShillRYOuBwt4z2CVNe9yk8ifU6nnjWT5Kg7
ZOFFSJ45a3qEoXLF275OLOqdOAuUTkwXD2ypC71TOn/zoamxtb32a/AmDT8l2MQ=
=IUKd
-----END PGP SIGNATURE-----
Reply sent
to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility.
(Mon, 06 Oct 2014 05:21:14 GMT) (full text, mbox, link).
Notification sent
to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer.
(Mon, 06 Oct 2014 05:21:14 GMT) (full text, mbox, link).
Message #34 received at 762532-close@bugs.debian.org (full text, mbox, reply):
Source: qemu-kvm
Source-Version: 1.1.2+dfsg-6+deb7u4
We believe that the bug you reported is fixed in the latest version of
qemu-kvm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 762532@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu-kvm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 20 May 2014 09:49:42 +0400
Source: qemu-kvm
Binary: qemu-kvm qemu-kvm-dbg kvm
Architecture: source amd64
Version: 1.1.2+dfsg-6+deb7u4
Distribution: wheezy-security
Urgency: medium
Maintainer: Michael Tokarev <mjt@tls.msk.ru>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description:
kvm - dummy transitional package from kvm to qemu-kvm
qemu-kvm - Full virtualization on x86 hardware
qemu-kvm-dbg - Debugging info for qemu-kvm
Closes: 742730 762532
Changes:
qemu-kvm (1.1.2+dfsg-6+deb7u4) wheezy-security; urgency=medium
.
* image-format-validation patch series backported from 2.0, closing
CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145,
CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223
(Closes: #742730)
* slirp-udp-fix-NULL-pointer-deref-uninit-socket-CVE-2014-3640.patch
closing CVE-2014-3640 (Closes: #762532)
* spice-make-sure-we-don-t-overflow-ssd-buf-CVE-2014-3615.patch and
vbe-rework-sanity-checks-CVE-2014-3615.patch closing CVE-2014-3615
Checksums-Sha1:
033d9670de8d69175df276e8db54018d530ce57c 2151 qemu-kvm_1.1.2+dfsg-6+deb7u4.dsc
5e961540c44528340281ffa8cd84125a984a88a0 88441 qemu-kvm_1.1.2+dfsg-6+deb7u4.debian.tar.gz
55f56f755085478825bcfce503fba01dd2b5abdf 1678162 qemu-kvm_1.1.2+dfsg-6+deb7u4_amd64.deb
ad86b2a14d26380816181c6bded6875be61cfe34 5269962 qemu-kvm-dbg_1.1.2+dfsg-6+deb7u4_amd64.deb
8bff93e26c7f9f42706be9714569f6d25605d7e4 23900 kvm_1.1.2+dfsg-6+deb7u4_amd64.deb
Checksums-Sha256:
2c18102ccc6c4e80d714f23149e63c2fc96fd83c2e8941ac1f04f192b5ad757e 2151 qemu-kvm_1.1.2+dfsg-6+deb7u4.dsc
70303a2c4e188c05f0aa1d99d7e11b7798044c5437413b4b840f00db27997b66 88441 qemu-kvm_1.1.2+dfsg-6+deb7u4.debian.tar.gz
fd6119a6c019e51079f0de58b16b86557fa3b16a57162daee7fbffa9a482f24f 1678162 qemu-kvm_1.1.2+dfsg-6+deb7u4_amd64.deb
3f0cd2f1d9d10789a39b35c082e925b755afe3373f0ad17cf01de6269e354686 5269962 qemu-kvm-dbg_1.1.2+dfsg-6+deb7u4_amd64.deb
9344db2f7fce3439d4098bbe16e0592eee40a2612153d44f31033f2d487a76cd 23900 kvm_1.1.2+dfsg-6+deb7u4_amd64.deb
Files:
c388554c24916995ee9ded2fe8f10ceb 2151 misc optional qemu-kvm_1.1.2+dfsg-6+deb7u4.dsc
5f035b9aaa4bc4d3b6b22fc55252791c 88441 misc optional qemu-kvm_1.1.2+dfsg-6+deb7u4.debian.tar.gz
caaae3c9bac9c8c7205c86bb5f247ea6 1678162 misc optional qemu-kvm_1.1.2+dfsg-6+deb7u4_amd64.deb
180ee0f7236fab62485c0185c8f269ee 5269962 debug extra qemu-kvm-dbg_1.1.2+dfsg-6+deb7u4_amd64.deb
2faed5be9120dcf1666c1f99cbd00c89 23900 oldlibs extra kvm_1.1.2+dfsg-6+deb7u4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJUL6cUAAoJEL7lnXSkw9fbZdoH/0JBYBUsEQPk4V3EJ3Frf5Mi
C2R9oOEHQV7BxzNBOiEQO74cHArsexHLzmzdBou3YDGgy36LN4LJkRW/BgkRrdk7
u/cJs8dux1D2sMdOOSek7lQtFraW6zc5ARiNQdbedYSyn2R0Z6TxgpqIOluu0t/h
CYby5Smc4pIPy8gKbR3IuzlabVcgDP9cGXfseG12BlhqH+A3CVJEk7N4XPknayvY
grtda2f/fZ/alWYG3oeY3lqsisVV1mrar71uXBGMtwoNpTDz4aOITfvL2C2OnQpL
pOmp+HkwsJYdv4+n2xImJEm84upOFIXIVoyYeDGoJ/yB4ERDCaJiDL6LWU/U8hs=
=2rpy
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 03 Nov 2014 07:37:50 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:05:57 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon