qemu: CVE-2013-4344

Related Vulnerabilities: CVE-2013-4344   CVE-2014-2894  

Debian Bug report logs - #725944

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 10 Oct 2013 07:42:06 UTC

Severity: important

Tags: security

Found in version qemu/1.1.2+dfsg-1

Fixed in versions qemu/1.6.0+dfsg-2, qemu/1.1.2+dfsg-6a+deb7u3, qemu-kvm/1.1.2+dfsg-6+deb7u3

Done: Michael Tokarev <mjt@tls.msk.ru>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#725944; Package qemu. (Thu, 10 Oct 2013 07:42:11 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Thu, 10 Oct 2013 07:42:11 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: qemu: CVE-2013-4344
Date: Thu, 10 Oct 2013 09:33:48 +0200
Package: qemu
Severity: grave
Tags: security
Justification: user security hole

Hi,
this was assigned CVE-2013-4344:
http://thread.gmane.org/gmane.comp.emulators.qemu/237161

Patch:
http://article.gmane.org/gmane.comp.emulators.qemu/237163

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#725944; Package qemu. (Thu, 10 Oct 2013 08:39:09 GMT)


Acknowledgement sent to Michael Tokarev <mjt@tls.msk.ru>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Thu, 10 Oct 2013 08:39:09 GMT)


Message #10 received at submit@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: Moritz Muehlenhoff <jmm@inutil.org>, 725944@bugs.debian.org
Cc: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: Bug#725944: qemu: CVE-2013-4344
Date: Thu, 10 Oct 2013 12:34:13 +0400
Control: severity -1 minor

10.10.2013 11:33, Moritz Muehlenhoff wrote:
> Package: qemu
> Severity: grave
> Tags: security
> Justification: user security hole

Yes, this is a security hole, but it is a _configuration_ security hole.
The administrator/user of qemu should configure more than 256 luns.

In other, simpler words, qemu has to run with 256 -drive parameters for
the guest to be able to trigger the overflow.  (Or this can be added
dynamically using drive_add qemu monitor command - still not from within
guest).

Such configurations are EXTREMELY uncommon, actually I highly doubt they
exist in practice at all.

That's the reason I questioned validity of this CVE# assignment, and also
why I didn't submit this bugreport to debian (I knew about it for quite
some time already).

Maybe I don't understand something, in this case the severity should be
upped again.

Thanks,

/mjt


> this was assigned CVE-2013-4344:
> http://thread.gmane.org/gmane.comp.emulators.qemu/237161
>
> Patch:
> http://article.gmane.org/gmane.comp.emulators.qemu/237163
>
> Cheers,
>          Moritz
>
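
A simplified model of the buffer-sizing problem discussed in the message above and addressed by the later changelog entry scsi-allocate-SCSITargetReq-r-buf-dynamically, added here as an example; it is not QEMU's code and not part of the original thread. It assumes the SCSI REPORT LUNS layout (8-byte header, 8 bytes per LUN) and a fixed buffer sized for the 256 LUNs mentioned in the thread; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define HDR_LEN       8u    /* 4-byte LUN list length + 4 reserved bytes */
#define LUN_ENTRY_LEN 8u    /* one entry per LUN in the response */
#define FIXED_LUNS    256u  /* LUN count from the thread (model assumption) */
#define FIXED_BUF_LEN (HDR_LEN + FIXED_LUNS * LUN_ENTRY_LEN)  /* 2056 bytes */

/* Bytes a REPORT LUNS response needs for n_luns; 0 on size_t overflow. */
size_t report_luns_len(size_t n_luns)
{
    if (n_luns > (SIZE_MAX - HDR_LEN) / LUN_ENTRY_LEN)
        return 0;
    return HDR_LEN + n_luns * LUN_ENTRY_LEN;
}

/* Bytes an unchecked writer would place past a FIXED_BUF_LEN buffer. */
size_t bytes_past_fixed_buf(size_t n_luns)
{
    size_t need = report_luns_len(n_luns);
    return need > FIXED_BUF_LEN ? need - FIXED_BUF_LEN : 0;
}

/*
 * Hardened builder (hypothetical helper): the buffer is allocated from the
 * LUN count instead of being a fixed array. Returns the response length and
 * stores the buffer in *out (caller frees); returns 0 on failure.
 */
size_t build_report_luns(const uint16_t *luns, size_t n_luns, uint8_t **out)
{
    size_t need = report_luns_len(n_luns);
    size_t i;
    uint32_t list_len;
    uint8_t *buf;

    if (need == 0 || need - HDR_LEN > UINT32_MAX)
        return 0;
    for (i = 0; i < n_luns; i++)
        if (luns[i] >= 0x4000)       /* flat-space addressing holds 14 bits */
            return 0;
    buf = calloc(1, need);
    if (buf == NULL)
        return 0;

    list_len = (uint32_t)(need - HDR_LEN);   /* big-endian LUN list length */
    buf[0] = (uint8_t)(list_len >> 24);
    buf[1] = (uint8_t)(list_len >> 16);
    buf[2] = (uint8_t)(list_len >> 8);
    buf[3] = (uint8_t)list_len;

    for (i = 0; i < n_luns; i++) {
        uint8_t *e = buf + HDR_LEN + i * LUN_ENTRY_LEN;
        if (luns[i] < 256) {         /* peripheral device addressing */
            e[1] = (uint8_t)luns[i];
        } else {                     /* flat-space addressing */
            e[0] = (uint8_t)(0x40 | (luns[i] >> 8));
            e[1] = (uint8_t)(luns[i] & 0xff);
        }
    }
    *out = buf;
    return need;
}

int main(void)
{
    printf("256 LUNs: %zu bytes, %zu past a %u-byte buffer\n",
           report_luns_len(256), bytes_past_fixed_buf(256), FIXED_BUF_LEN);
    printf("257 LUNs: %zu bytes, %zu past a %u-byte buffer\n",
           report_luns_len(257), bytes_past_fixed_buf(257), FIXED_BUF_LEN);
    return 0;
}
```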




Severity set to 'minor' from 'grave' Request was from Michael Tokarev <mjt@tls.msk.ru> to submit@bugs.debian.org. (Thu, 10 Oct 2013 08:39:09 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#725944; Package qemu. (Thu, 10 Oct 2013 08:39:19 GMT)


Acknowledgement sent to Michael Tokarev <mjt@tls.msk.ru>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Thu, 10 Oct 2013 08:39:19 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>:
Bug#725944; Package qemu. (Thu, 10 Oct 2013 13:09:09 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>. (Thu, 10 Oct 2013 13:09:09 GMT)


Message #22 received at 725944@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Michael Tokarev <mjt@tls.msk.ru>
Cc: 725944@bugs.debian.org
Subject: Re: Bug#725944: qemu: CVE-2013-4344
Date: Thu, 10 Oct 2013 14:59:12 +0200

On Thu, Oct 10, 2013 at 12:34:13PM +0400, Michael Tokarev wrote:
> Control: severity -1 minor
>
> 10.10.2013 11:33, Moritz Muehlenhoff wrote:
>> Package: qemu
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>
> Yes, this is a security hole, but it is a _configuration_ security hole.
> The administrator/user of qemu should configure more than 256 luns.
>
> In other, simpler words, qemu has to run with 256 -drive parameters for
> the guest to be able to trigger the overflow.  (Or this can be added
> dynamically using drive_add qemu monitor command - still not from within
> guest).
>
> Such configurations are EXTREMELY uncommon, actually I highly doubt they
> exist in practice at all.
>
> That's the reason I questioned validity of this CVE# assignment, and also
> why I didn't submit this bugreport to debian (I knew about it for quite
> some time already).
>
> Maybe I don't understand something, in this case the severity should be
> upped again.

I wasn't aware of those circumstances. If it can only be triggered by a
privileged user creating a malformed configuration we don't have a security
problem, but only a plain bug.

Cheers,
        Moritz



Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Fri, 11 Oct 2013 06:21:05 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Fri, 11 Oct 2013 06:21:05 GMT)


Message #27 received at 725944-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 725944-close@bugs.debian.org
Subject: Bug#725944: fixed in qemu 1.6.0+dfsg-2
Date: Fri, 11 Oct 2013 06:19:27 +0000
Source: qemu
Source-Version: 1.6.0+dfsg-2

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 725944@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 11 Oct 2013 01:15:48 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64 all
Version: 1.6.0+dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description: 
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-keymaps - QEMU keyboard maps
 qemu-kvm   - QEMU Full virtualization on x86 hardware (transitional package)
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 725944
Changes: 
 qemu (1.6.0+dfsg-2) unstable; urgency=low
 .
   * Build-depend in seccomp again once it is in -testing
   * 1.6.1 upstream bugfix release (Closes: #725944)
   * fix "allows [one] to" in qemu-ga description
   * fix descriptions for qemu-system and qemu-system-common packages




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 05 Dec 2013 07:33:05 GMT)


Bug unarchived. Request was from <mjt@tls.msk.ru> to control@bugs.debian.org. (Wed, 14 May 2014 11:57:07 GMT)


Marked as found in versions qemu/1.1.2+dfsg-1. Request was from <mjt@tls.msk.ru> to control@bugs.debian.org. (Wed, 14 May 2014 11:57:08 GMT)


Severity set to 'important' from 'minor' Request was from <mjt@tls.msk.ru> to control@bugs.debian.org. (Wed, 14 May 2014 12:27:04 GMT)


Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Wed, 04 Jun 2014 06:51:17 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Wed, 04 Jun 2014 06:51:18 GMT)


Message #40 received at 725944-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 725944-close@bugs.debian.org
Subject: Bug#725944: fixed in qemu 1.1.2+dfsg-6a+deb7u3
Date: Wed, 04 Jun 2014 06:50:28 +0000
Source: qemu
Source-Version: 1.1.2+dfsg-6a+deb7u3

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 725944@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 14 May 2014 16:08:52 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils
Architecture: source all amd64
Version: 1.1.2+dfsg-6a+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description: 
 qemu       - fast processor emulator
 qemu-keymaps - QEMU keyboard maps
 qemu-system - QEMU full system emulation binaries
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 725944 745157
Changes: 
 qemu (1.1.2+dfsg-6a+deb7u3) wheezy-security; urgency=high
 .
   * ide-correct-improper-smart-self-test-counter-reset-CVE-2014-2894.patch
     (Closes: #745157 CVE-2014-2894)
   * scsi-allocate-SCSITargetReq-r-buf-dynamically-CVE-2013-4344.patch
     (Closes: #725944 CVE-2013-4344)




Reply sent to Michael Tokarev <mjt@tls.msk.ru>:
You have taken responsibility. (Wed, 04 Jun 2014 06:54:05 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Wed, 04 Jun 2014 06:54:05 GMT)


Message #45 received at 725944-close@bugs.debian.org:

From: Michael Tokarev <mjt@tls.msk.ru>
To: 725944-close@bugs.debian.org
Subject: Bug#725944: fixed in qemu-kvm 1.1.2+dfsg-6+deb7u3
Date: Wed, 04 Jun 2014 06:51:03 +0000
Source: qemu-kvm
Source-Version: 1.1.2+dfsg-6+deb7u3

We believe that the bug you reported is fixed in the latest version of
qemu-kvm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 725944@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <mjt@tls.msk.ru> (supplier of updated qemu-kvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 14 May 2014 16:08:52 +0400
Source: qemu-kvm
Binary: qemu-kvm qemu-kvm-dbg kvm
Architecture: source amd64
Version: 1.1.2+dfsg-6+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Michael Tokarev <mjt@tls.msk.ru>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Description: 
 kvm        - dummy transitional package from kvm to qemu-kvm
 qemu-kvm   - Full virtualization on x86 hardware
 qemu-kvm-dbg - Debugging info for qemu-kvm
Closes: 725944 745157
Changes: 
 qemu-kvm (1.1.2+dfsg-6+deb7u3) wheezy-security; urgency=high
 .
   * ide-correct-improper-smart-self-test-counter-reset-CVE-2014-2894.patch
     (Closes: #745157 CVE-2014-2894)
   * scsi-allocate-SCSITargetReq-r-buf-dynamically-CVE-2013-4344.patch
     (Closes: #725944 CVE-2013-4344)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 02 Jul 2014 07:29:07 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:56:38 2019; Machine Name: beach
