Bug#765496: marked as done (CVE-2014-3689: insufficient parameter validation in vmware_vga rectangle functions)

Fri, 07 Nov 2014 07:36:49 -0800 

Your message dated Fri, 07 Nov 2014 15:32:06 +0000
with message-id <[email protected]>
and subject line Bug#765496: fixed in qemu-kvm 1.1.2+dfsg-6+deb7u5
has caused the Debian Bug report #765496,
regarding CVE-2014-3689: insufficient parameter validation in vmware_vga 
rectangle functions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
765496: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765496
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: qemu-system-x86
Version: 2.1+dfsg-5
Severity: normal
Tags: security upstream patch

CVE-2014-3689 has been reported agaist qemu vmware-vga device.

I think the priority of this isn't high because the device
isn't used widely, if not only for compatibility for "upgrading"
from vmware host.  Yet still, some people might be using it
thinking it is more efficient than other options.

Upstream fix, thread:

 http://thread.gmane.org/gmane.comp.emulators.qemu/301713

/mjt

--- End Message ---
--- Begin Message --- 
Source: qemu-kvm
Source-Version: 1.1.2+dfsg-6+deb7u5

We believe that the bug you reported is fixed in the latest version of
qemu-kvm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu-kvm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 05 Nov 2014 10:45:16 +0300
Source: qemu-kvm
Binary: qemu-kvm qemu-kvm-dbg kvm
Architecture: source amd64
Version: 1.1.2+dfsg-6+deb7u5
Distribution: wheezy-security
Urgency: medium
Maintainer: Michael Tokarev <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description: 
 kvm        - dummy transitional package from kvm to qemu-kvm
 qemu-kvm   - Full virtualization on x86 hardware
 qemu-kvm-dbg - Debugging info for qemu-kvm
Closes: 765496
Changes: 
 qemu-kvm (1.1.2+dfsg-6+deb7u5) wheezy-security; urgency=medium
 .
   * apply 5 patches backported from upstream to fix a security issue in
     vmware-vga (Closes: #765496 CVE-2014-3689)
   * vnc-sanitize-bits_per_pixel-from-the-client-CVE-2014-7815.patch
     from upstream (Closes: CVE-2014-7815)
Checksums-Sha1: 
 e212e94665c00fa45e648e233c8f1e9cc335b031 2151 qemu-kvm_1.1.2+dfsg-6+deb7u5.dsc
 6644c44ba8932c426f32f995c8fd90e0574c2779 91758 
qemu-kvm_1.1.2+dfsg-6+deb7u5.debian.tar.gz
 8308e2817b5e13c0bc438a23e9b6320a29bf51e8 1678988 
qemu-kvm_1.1.2+dfsg-6+deb7u5_amd64.deb
 2de452190822dd553b0eac401b9750cba1fde4c0 5272210 
qemu-kvm-dbg_1.1.2+dfsg-6+deb7u5_amd64.deb
 797a98dd36ecf65cd642db10b21b4a6754ac54f1 23998 
kvm_1.1.2+dfsg-6+deb7u5_amd64.deb
Checksums-Sha256: 
 d5d441f0e60a850a27361a251e096f2251ea86109c218cd0d6ccae440338d8a7 2151 
qemu-kvm_1.1.2+dfsg-6+deb7u5.dsc
 ab64722ce1222c195402f1ec117ab53208eb8b04960e83fa7707b68a149972c3 91758 
qemu-kvm_1.1.2+dfsg-6+deb7u5.debian.tar.gz
 ff61a6eb89bbf466b7b8a5bf1956d149a19800e8fd50b90d3a038b697da83e8b 1678988 
qemu-kvm_1.1.2+dfsg-6+deb7u5_amd64.deb
 b712570f91b0cac1251303ee49ea26012db99d3c3d1cacc51f504668d629707b 5272210 
qemu-kvm-dbg_1.1.2+dfsg-6+deb7u5_amd64.deb
 47a8a281490005533374c7e9cd01c8a0a029a22df63dc70c29560dc9b6e11cb7 23998 
kvm_1.1.2+dfsg-6+deb7u5_amd64.deb
Files: 
 2c81bb4c42c109166df5642723f8ba01 2151 misc optional 
qemu-kvm_1.1.2+dfsg-6+deb7u5.dsc
 767e05e0293bf3366cb285f4ec85a0b0 91758 misc optional 
qemu-kvm_1.1.2+dfsg-6+deb7u5.debian.tar.gz
 e5bde3bfd823fc25ee0d9bdde60e5c12 1678988 misc optional 
qemu-kvm_1.1.2+dfsg-6+deb7u5_amd64.deb
 2914917ce7a18f3ae031454f7493eb2f 5272210 debug extra 
qemu-kvm-dbg_1.1.2+dfsg-6+deb7u5_amd64.deb
 78d5a8c605be517c7a659295001408b2 23998 oldlibs extra 
kvm_1.1.2+dfsg-6+deb7u5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJUWy6SAAoJEL7lnXSkw9fb7m4H/1Wj0AHbP8W/gQpwsXkVsnDP
4PA1QR6rLw3eYB0ihfQyFGzHB0LSnrgXQZV9Mxm8SE1r53wxotfD/m7mOORkT+sD
eGt3WVb6DcteN9864Efdfv2ElbSgo5ix9uDXwHlRAdj1gPX4ALqqnMXdIJiXpa8y
QfWRVgxSoZeYm7OXGFfKqn3noC910+89ZwpuBNSaqTnuISJXFe6i4VGqrsTJj2/S
ybpzLfDcAkPxnh61rD1/sXkIkT6XKIqMshbITAzpUf7sxmRFAD2h7UCpNI+BQ+z7
33Zk+vDuXBgGbcOmZ/+u6ML0BR2+AX9M4IQJQV1Qjt0hglmW2sJj9c6RifLVPLk=
=Q+km
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to