Your message dated Sat, 07 Jul 2007 02:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#427144: fixed in bochs 2.3+20070705-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: bochs
Severity: important
Tags: security
A security bug has been disclosed in bochs:
| Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in
| iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local
| users of the guest operating system to write to arbitrary memory
| locations and gain privileges on the host operating system via vectors
| that cause TXCNT register values to exceed the device memory size, aka
| "RX Frame heap overflow."
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2893>
Please mention the name CVE-2007-2893 in the changelog when fixing
this bug.
There is another issue, CVE-2007-2894, which seems to be rather
harmless to me.
--- End Message ---
--- Begin Message ---
Source: bochs
Source-Version: 2.3+20070705-1
We believe that the bug you reported is fixed in the latest version of
bochs, which is due to be installed in the Debian FTP archive:
bochs-doc_2.3+20070705-1_all.deb
to pool/main/b/bochs/bochs-doc_2.3+20070705-1_all.deb
bochs-sdl_2.3+20070705-1_i386.deb
to pool/main/b/bochs/bochs-sdl_2.3+20070705-1_i386.deb
bochs-svga_2.3+20070705-1_i386.deb
to pool/main/b/bochs/bochs-svga_2.3+20070705-1_i386.deb
bochs-term_2.3+20070705-1_i386.deb
to pool/main/b/bochs/bochs-term_2.3+20070705-1_i386.deb
bochs-wx_2.3+20070705-1_i386.deb
to pool/main/b/bochs/bochs-wx_2.3+20070705-1_i386.deb
bochs-x_2.3+20070705-1_i386.deb
to pool/main/b/bochs/bochs-x_2.3+20070705-1_i386.deb
bochs_2.3+20070705-1.diff.gz
to pool/main/b/bochs/bochs_2.3+20070705-1.diff.gz
bochs_2.3+20070705-1.dsc
to pool/main/b/bochs/bochs_2.3+20070705-1.dsc
bochs_2.3+20070705-1_i386.deb
to pool/main/b/bochs/bochs_2.3+20070705-1_i386.deb
bochs_2.3+20070705.orig.tar.gz
to pool/main/b/bochs/bochs_2.3+20070705.orig.tar.gz
bochsbios_2.3+20070705-1_all.deb
to pool/main/b/bochs/bochsbios_2.3+20070705-1_all.deb
bximage_2.3+20070705-1_i386.deb
to pool/main/b/bochs/bximage_2.3+20070705-1_i386.deb
sb16ctrl-bochs_2.3+20070705-1_i386.deb
to pool/main/b/bochs/sb16ctrl-bochs_2.3+20070705-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <[EMAIL PROTECTED]> (supplier of updated bochs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 07 Jul 2007 05:07:01 +0300
Source: bochs
Binary: bochs-svga bochs-x bximage bochs-wx bochs-doc bochs-sdl bochsbios
sb16ctrl-bochs bochs-term bochs
Architecture: source i386 all
Version: 2.3+20070705-1
Distribution: unstable
Urgency: low
Maintainer: Guillem Jover <[EMAIL PROTECTED]>
Changed-By: Guillem Jover <[EMAIL PROTECTED]>
Description:
bochs - IA-32 PC emulator
bochs-doc - Bochs upstream documentation
bochs-sdl - SDL plugin for Bochs
bochs-svga - SVGA plugin for Bochs
bochs-term - Terminal (ncurses-based) plugin for Bochs
bochs-wx - WxWindows plugin for Bochs
bochs-x - X11 plugin for Bochs
bochsbios - BIOS for the Bochs emulator
bximage - Disk Image Creation Tool for Bochs
sb16ctrl-bochs - control utility for Bochs emulated SB16 card
Closes: 250196 382795 417416 427144
Changes:
bochs (2.3+20070705-1) unstable; urgency=low
.
* New upstream snapshot.
  - Do not provoke a BSOD for Windows 2000 from bochsbios. (Closes: #417416)
  - Fix OpenBSD 3.9 installation iso booting up to the installer with
    qemu. (Closes: #382795)
  - Fix heap buffer overflow in ne2k emulated driver. (Closes: #427144)
    CVE-2007-2893
  - Support spaces in command line bochsrc-like options. (Closes: #250196)
  - debian/patches/03_redolog_FTBFS.patch: Fixed upstream. Remove.
  - debian/patches/00_base.patch: Sync.
  - debian/patches/01_man.patch: Likewise.
  - debian/patches/02_libtool.patch: Likewise.
  - debian/patches/04_man_table.patch: Likewise.
* Update Tag: field to the latest vocabulary.
* Use binary:Version instead of deprecated Source-Version substvar.
* Update CVSROOT in tarball.sh.
* Explicitly point to LGPL 2.1 in debian/copyright.
* Update menu entry section.
* Do not ignore make errors on clean.
* Switch configuration variables to simply expanded ones in debian/rules.
* Update config.sub and config.guess on clean.
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGjvbBuW9ciZ2SjJsRAuz1AKC10jRgfVaoAqQDt/UaaKx4KP7k8ACgvnZ2
dAex71iJqclcixV81mCmJv0=
=A0Dv
-----END PGP SIGNATURE-----
--- End Message ---