Bug#798101: marked as done (qemu: CVE-2015-6815: net: e1000 infinite loop issue)

Debian Bug Tracking System Tue, 22 Sep 2015 14:33:57 -0700

Your message dated Tue, 22 Sep 2015 21:29:26 +0000
with message-id <[email protected]>
and subject line Bug#798101: fixed in qemu 1.1.2+dfsg-6a+deb7u10
has caused the Debian Bug report #798101,
regarding qemu: CVE-2015-6815: net: e1000 infinite loop issue
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
798101: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798101
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: qemu
Version: 1.1.2+dfsg-6a
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for qemu.

CVE-2015-6815[0]:
Qemu: net: e1000 infinite loop issue

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-6815
[1] https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html

The fix is not yet in the qemu git repository.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: qemu
Source-Version: 1.1.2+dfsg-6a+deb7u10

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 11 Sep 2015 19:40:24 +0300
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils
Architecture: source all amd64
Version: 1.1.2+dfsg-6a+deb7u10
Distribution: wheezy-security
Urgency: high
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description: 
 qemu       - fast processor emulator
 qemu-keymaps - QEMU keyboard maps
 qemu-system - QEMU full system emulation binaries
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 798101
Changes: 
 qemu (1.1.2+dfsg-6a+deb7u10) wheezy-security; urgency=high
 .
   * Acknowlege the previous update.  Thank you Salvatore for the hard
     work you did fixing so many security issues.
   * rename last patches removing numeric prefixes, so that different series
     wont intermix with each other, add Bug-Debian: headers.
   * Add e1000-avoid-infinite-loop-in-transmit-CVE-2015-6815.patch.
     CVE-2015-6815: net: e1000 infinite loop issue in processing transmit
     descriptor.  (Closes: #798101 CVE-2015-6815)
   * Add ide-fix-ATAPI-command-permissions-CVE-2015-6855.patch.
     CVE-2015-6855: ide: qemu allows arbitrary commands to be sent to an ATAPI
     device from guest, while illegal comands might have security impact,
     f.e. WIN_READ_NATIVE_MAX results in divide by zero error.
     (Closes: CVE-2015-6855)
Checksums-Sha1: 
 8062ee11cfe5864e4d028a3a1c2f35dc2a0595c5 2621 qemu_1.1.2+dfsg-6a+deb7u10.dsc
 256fcdd9a4ad7af905c0bc0402b2dc221a07154a 118100 
qemu_1.1.2+dfsg-6a+deb7u10.debian.tar.gz
 f072b6bdbf94bd55ededb8dfc68d502f41a67e76 50278 
qemu-keymaps_1.1.2+dfsg-6a+deb7u10_all.deb
 f28131c27e665be22b90523448e861945c63045d 115688 
qemu_1.1.2+dfsg-6a+deb7u10_amd64.deb
 d41809f760fe59fcd486425eaab94a919c8c9952 27895684 
qemu-system_1.1.2+dfsg-6a+deb7u10_amd64.deb
 94fed93c1793d9e06bffef98ec90bcbc5c9e135c 7724448 
qemu-user_1.1.2+dfsg-6a+deb7u10_amd64.deb
 e99a7ef2fb79fe20f0401f6fd6acb4aa97cdee15 16569130 
qemu-user-static_1.1.2+dfsg-6a+deb7u10_amd64.deb
 0988be422ef153e143382661a0edbdf50a63c4cf 664674 
qemu-utils_1.1.2+dfsg-6a+deb7u10_amd64.deb
Checksums-Sha256: 
 d74f848fc13169defba592c96056ba68f2575bcc4b5e54e774b71458dbe8a1ec 2621 
qemu_1.1.2+dfsg-6a+deb7u10.dsc
 196be60b0b8f22004a24763177cedff1dc51db4fb1ba1feefe0afc791c4c4c71 118100 
qemu_1.1.2+dfsg-6a+deb7u10.debian.tar.gz
 ff659865e58bca127ae25438b838b1fc6e70a6d352900af929bcd0a937883f10 50278 
qemu-keymaps_1.1.2+dfsg-6a+deb7u10_all.deb
 57b4b823ac96d3ad71e468401272a738862da613b3533b6047e45ed2e12de436 115688 
qemu_1.1.2+dfsg-6a+deb7u10_amd64.deb
 0b5c8a501986d6869780c6f865b255bf311087d674d3068d6569c684b35c8bda 27895684 
qemu-system_1.1.2+dfsg-6a+deb7u10_amd64.deb
 d5929889bd57c24dba0d1e17fb9a56ff69a161d84bfafbf70f091a88daa48297 7724448 
qemu-user_1.1.2+dfsg-6a+deb7u10_amd64.deb
 43f602ab5c7475d42a196d44c40d7d5b1ff276106884a485ae166b9c188baaab 16569130 
qemu-user-static_1.1.2+dfsg-6a+deb7u10_amd64.deb
 75f542b7c8cbe8882f76b1407de8559ffc6ab6836cafec9407788a124e4f2c3a 664674 
qemu-utils_1.1.2+dfsg-6a+deb7u10_amd64.deb
Files: 
 570ace858ba58f50263bda47cd757f85 2621 misc optional 
qemu_1.1.2+dfsg-6a+deb7u10.dsc
 546a7fee6237da801614a860ac2cf161 118100 misc optional 
qemu_1.1.2+dfsg-6a+deb7u10.debian.tar.gz
 3d3f01b35b2a379494bceedbaff6bcbb 50278 misc optional 
qemu-keymaps_1.1.2+dfsg-6a+deb7u10_all.deb
 676f9896c8be49f630ae078b654916ed 115688 misc optional 
qemu_1.1.2+dfsg-6a+deb7u10_amd64.deb
 6c24a0f6f8c9b12d6c04006eaf0440ec 27895684 misc optional 
qemu-system_1.1.2+dfsg-6a+deb7u10_amd64.deb
 e33da4a2a6ea71049b560895c8fa4829 7724448 misc optional 
qemu-user_1.1.2+dfsg-6a+deb7u10_amd64.deb
 300a08db3fd7689357174dca30b7e74b 16569130 misc optional 
qemu-user-static_1.1.2+dfsg-6a+deb7u10_amd64.deb
 a183df7de0721e7a9cea3acdced5525b 664674 misc optional 
qemu-utils_1.1.2+dfsg-6a+deb7u10_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJV9WJ9AAoJEL7lnXSkw9fbsHwH/2caK6czYJeqhztBIassoaRL
m19TRmAwjOavi5LsWs4GxGXvxO+DsfNpbyYf7SRRxfF97gldDPwCLm/gyNQ+vHfr
lYQ/BTrsQ5cfD7shUcNk6jZuZdNKAqAAtWZk8uUPXa5uJswvlbyUMCU82e2iqlUE
DyNeUjM9smyqN/NyxHLthi3f+LpNyTwDUzMKVJ7B/Nn1WgLJA402rAMOJ19NNx3N
qQ4X00C270suAjPL1HFoPdbEIDqods04yFH/RYu2ybFHnAfaOCYCZ5hy4iWJ2VAL
ZdwBKROlZIbJ2ycSvglZ2/OM6VIbu0CjiV+q9YStX1Q9iKirkmWwhmF7NZwuPpk=
=KkYv
-----END PGP SIGNATURE-----

--- End Message ---

Bug#798101: marked as done (qemu: CVE-2015-6815: net: e1000 infinite loop issue)

Reply via email to