Your message dated Tue, 11 Mar 2008 14:02:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#469666: fixed in kvm 63+dfsg-1
has caused the Debian Bug report #469666,
regarding kvm: CVE-2008-0928 privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
469666: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469666
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: xen-unstable
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-unstable.

CVE-2008-0928[0]:
| Qemu 0.9.1 and earlier does not perform range checks for block device
| read or write requests, which allows guest host users with root
| privileges to access arbitrary memory and escape the virtual machine.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

https://bugzilla.redhat.com/attachment.cgi?id=296005 is the 
patch (tools/ioemu/block.c should get patched).

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0928

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


--- End Message ---
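The CVE text in the report above describes block device read and write requests that are not range-checked. The following is an added illustration of such a check, not the Red Hat patch linked in the report and not QEMU or Xen code; `toy_bdev`, `request_in_range` and `toy_bdev_read` are hypothetical names, and the in-memory image is constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512

/* Hypothetical toy device: an in-memory image standing in for a guest disk. */
struct toy_bdev {
    uint8_t *image;
    int64_t  total_sectors;
};

/* Returns 1 if [sector_num, sector_num + nb_sectors) lies inside the device.
 * The sum sector_num + nb_sectors is never computed, because both values
 * are guest-chosen and the addition could overflow. */
static int request_in_range(const struct toy_bdev *bs,
                            int64_t sector_num, int nb_sectors)
{
    if (sector_num < 0 || nb_sectors < 0)
        return 0;
    if (sector_num > bs->total_sectors)
        return 0;
    if ((int64_t)nb_sectors > bs->total_sectors - sector_num)
        return 0;
    return 1;
}

/* Guarded read: returns 0 on success, -1 if the request is out of range. */
static int toy_bdev_read(const struct toy_bdev *bs, int64_t sector_num,
                         uint8_t *buf, int nb_sectors)
{
    if (!request_in_range(bs, sector_num, nb_sectors))
        return -1;
    /* Safe: the range check bounds both the offset and the length. */
    memcpy(buf, bs->image + sector_num * SECTOR_SIZE,
           (size_t)nb_sectors * SECTOR_SIZE);
    return 0;
}

int main(void)
{
    static uint8_t image[4 * SECTOR_SIZE];   /* constructed 4-sector image */
    static uint8_t buf[4 * SECTOR_SIZE];
    struct toy_bdev bs = { image, 4 };

    printf("read 2 sectors at 2: %d\n", toy_bdev_read(&bs, 2, buf, 2));
    printf("read 2 sectors at 3: %d\n", toy_bdev_read(&bs, 3, buf, 2));
    printf("read at INT64_MAX:   %d\n", toy_bdev_read(&bs, INT64_MAX, buf, 1));
    return 0;
}
```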
--- Begin Message ---
Source: kvm
Source-Version: 63+dfsg-1

We believe that the bug you reported is fixed in the latest version of
kvm, which is due to be installed in the Debian FTP archive:

kvm-data_63+dfsg-1_all.deb
  to pool/main/k/kvm/kvm-data_63+dfsg-1_all.deb
kvm-source_63+dfsg-1_all.deb
  to pool/main/k/kvm/kvm-source_63+dfsg-1_all.deb
kvm_63+dfsg-1.diff.gz
  to pool/main/k/kvm/kvm_63+dfsg-1.diff.gz
kvm_63+dfsg-1.dsc
  to pool/main/k/kvm/kvm_63+dfsg-1.dsc
kvm_63+dfsg-1_i386.deb
  to pool/main/k/kvm/kvm_63+dfsg-1_i386.deb
kvm_63+dfsg.orig.tar.gz
  to pool/main/k/kvm/kvm_63+dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Lübbe <[EMAIL PROTECTED]> (supplier of updated kvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 11 Mar 2008 10:48:29 +0100
Source: kvm
Binary: kvm kvm-data kvm-source
Architecture: source all i386
Version: 63+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Jan Luebbe <[EMAIL PROTECTED]>
Changed-By: Jan Lübbe <[EMAIL PROTECTED]>
Description: 
 kvm        - Full virtualization on x86 hardware
 kvm-data   - Data files for the KVM package
 kvm-source - Source for the KVM driver
Closes: 469666
Changes: 
 kvm (63+dfsg-1) unstable; urgency=low
 .
   * New upstream release
   * Update upstream changelog (from mailing list)
   * Fix CVE-2008-0928 using the patch in the bugreport (closes: #469666)
Files: 
 7a25e41e6f1f66932976a05b7404da60 911 misc optional kvm_63+dfsg-1.dsc
 1d34d658feda0880aa647a2919f2a22c 2937568 misc optional kvm_63+dfsg.orig.tar.gz
 1abf1036604e170d2a482a763a2a8e6e 28313 misc optional kvm_63+dfsg-1.diff.gz
 2ed3f4f597370bfffccdcc1aabf39d44 108928 misc optional kvm-data_63+dfsg-1_all.deb
 6984d651f161fbb45b47963cb07fb206 143934 misc optional kvm-source_63+dfsg-1_all.deb
 922fdc310b89dbe12aa9a50068ed7121 742926 misc optional kvm_63+dfsg-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH1orvioOL5NhIDy4RAraBAKDygtmDLfegX327oPkZUiczuPn/uQCdFx2T
T2jzBZATbUiqFjB/VaWDTxQ=
=JkeK
-----END PGP SIGNATURE-----



--- End Message ---
