Your message dated Tue, 22 Sep 2015 21:22:51 +0000
with message-id <[email protected]>
and subject line Bug#798101: fixed in qemu 1:2.1+dfsg-12+deb8u3
has caused the Debian Bug report #798101,
regarding qemu: CVE-2015-6815: net: e1000 infinite loop issue
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
798101: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798101
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 1.1.2+dfsg-6a
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for qemu.
CVE-2015-6815[0]:
Qemu: net: e1000 infinite loop issue
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-6815
[1] https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
The fix is not yet in the qemu git repository.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:2.1+dfsg-12+deb8u3
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 07 Sep 2015 16:54:32 +0300
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm
qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user
qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.1+dfsg-12+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description:
qemu - fast processor emulator
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 798101
Changes:
qemu (1:2.1+dfsg-12+deb8u3) jessie-security; urgency=high
.
* Acknowlege the previous update. Thank you Salvatore for the hard
work you did fixing so many security issues.
* rename last patches removing numeric prefixes, so that different series
wont intermix with each other, add Bug-Debian: headers.
* Add e1000-avoid-infinite-loop-in-transmit-CVE-2015-6815.patch.
CVE-2015-6815: net: e1000 infinite loop issue in processing transmit
descriptor. (Closes: #798101 CVE-2015-6815)
* Add ide-fix-ATAPI-command-permissions-CVE-2015-6855.patch.
CVE-2015-6855: ide: qemu allows arbitrary commands to be sent to an ATAPI
device from guest, while illegal comands might have security impact,
f.e. WIN_READ_NATIVE_MAX results in divide by zero error.
(Closes: CVE-2015-6855)
Checksums-Sha1:
12f136a532dd661f69ea5507a15d21157925e1bd 5174 qemu_2.1+dfsg-12+deb8u3.dsc
161963b8a07b5ebdee3c952d88556f626aaf21e9 114600
qemu_2.1+dfsg-12+deb8u3.debian.tar.xz
Checksums-Sha256:
f8a84d05f9e5355da1a1fdedb2e4c73e28765e22ab85c1b17c5ddd89877a2f96 5174
qemu_2.1+dfsg-12+deb8u3.dsc
b21806211af1568fe1caea6f8d8e0825de953548bcb581218440f6350da4aad8 114600
qemu_2.1+dfsg-12+deb8u3.debian.tar.xz
Files:
9cd48301a7fd4f6d2864668d0a305c8c 5174 otherosfs optional
qemu_2.1+dfsg-12+deb8u3.dsc
f449d1801402737756dcb73db1db4e6f 114600 otherosfs optional
qemu_2.1+dfsg-12+deb8u3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJV8+hJAAoJEL7lnXSkw9fb/d8H/AxvQgpNvn67Ovbf5UUFoLUO
DvMq9dIzMU3NwqJsc2kI73sUktHGRthc+gg+NkVspsN8XrYVF0UeydrOoHVKmhZk
GGz1kNlNIIEqV70Ajmo8cqvc/r189GYIJ39lRrNsdUY8K4COqwMy4c2YzJIkQMmh
hvof2H/wYDwN17CZ6JdppEV+kpcaXfYFXRepdo32ziET/UeBKR5optB+HYFl+e4Z
kdYN8JGHblcVgkTxd5hlajENO9g8RDxcvukQSC1pmpu8BGblAwDSXyl8/Bfj/gek
UyKst58oCXgRgNDECJM8pgris3QxP67a3DXNePSOcYc7lmnJpOhTW28AvkFWIMk=
=FUMV
-----END PGP SIGNATURE-----
--- End Message ---
