Your message dated Fri, 07 Nov 2014 23:17:14 +0000
with message-id <[email protected]>
and subject line Bug#765496: fixed in qemu 1.1.2+dfsg-6a+deb7u5
has caused the Debian Bug report #765496,
regarding CVE-2014-3689: insufficient parameter validation in vmware_vga
rectangle functions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
765496: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765496
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: qemu-system-x86
Version: 2.1+dfsg-5
Severity: normal
Tags: security upstream patch
CVE-2014-3689 has been reported against qemu vmware-vga device.
I think the priority of this isn't high because the device
isn't used widely, if not only for compatibility for "upgrading"
from vmware host. Yet still, some people might be using it
thinking it is more efficient than other options.
Upstream fix, thread:
http://thread.gmane.org/gmane.comp.emulators.qemu/301713
/mjt
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1.1.2+dfsg-6a+deb7u5
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 05 Nov 2014 10:45:16 +0300
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils
Architecture: source all amd64
Version: 1.1.2+dfsg-6a+deb7u5
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description:
qemu - fast processor emulator
qemu-keymaps - QEMU keyboard maps
qemu-system - QEMU full system emulation binaries
qemu-user - QEMU user mode emulation binaries
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 765496
Changes:
qemu (1.1.2+dfsg-6a+deb7u5) wheezy-security; urgency=medium
.
* apply 5 patches backported from upstream to fix a security issue in
vmware-vga (Closes: #765496 CVE-2014-3689)
* vnc-sanitize-bits_per_pixel-from-the-client-CVE-2014-7815.patch
from upstream (Closes: CVE-2014-7815)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---