Your message dated Tue, 22 Sep 2015 21:31:00 +0000
with message-id <[email protected]>
and subject line Bug#798101: fixed in qemu-kvm 1.1.2+dfsg-6+deb7u10
has caused the Debian Bug report #798101,
regarding qemu: CVE-2015-6815: net: e1000 infinite loop issue
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
798101: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798101
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 1.1.2+dfsg-6a
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for qemu.
CVE-2015-6815[0]:
Qemu: net: e1000 infinite loop issue
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-6815
[1] https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
The fix is not yet in the qemu git repository.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu-kvm
Source-Version: 1.1.2+dfsg-6+deb7u10
We believe that the bug you reported is fixed in the latest version of
qemu-kvm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu-kvm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 11 Sep 2015 19:40:36 +0300
Source: qemu-kvm
Binary: qemu-kvm qemu-kvm-dbg kvm
Architecture: source amd64
Version: 1.1.2+dfsg-6+deb7u10
Distribution: wheezy-security
Urgency: high
Maintainer: Michael Tokarev <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description:
kvm - dummy transitional package from kvm to qemu-kvm
qemu-kvm - Full virtualization on x86 hardware
qemu-kvm-dbg - Debugging info for qemu-kvm
Closes: 798101
Changes:
qemu-kvm (1.1.2+dfsg-6+deb7u10) wheezy-security; urgency=high
.
* Acknowlege the previous update. Thank you Salvatore for the hard
work you did fixing so many security issues.
* rename last patches removing numeric prefixes, so that different series
wont intermix with each other, add Bug-Debian: headers.
* Add e1000-avoid-infinite-loop-in-transmit-CVE-2015-6815.patch.
CVE-2015-6815: net: e1000 infinite loop issue in processing transmit
descriptor. (Closes: #798101 CVE-2015-6815)
* Add ide-fix-ATAPI-command-permissions-CVE-2015-6855.patch.
CVE-2015-6855: ide: qemu allows arbitrary commands to be sent to an ATAPI
device from guest, while illegal comands might have security impact,
f.e. WIN_READ_NATIVE_MAX results in divide by zero error.
(Closes: CVE-2015-6855)
Checksums-Sha1:
667f74222aa07e5a43236a25fe5381c7064c0ae6 2141 qemu-kvm_1.1.2+dfsg-6+deb7u10.dsc
6c4691306499a871b4e74e9cc066f389154f3e49 106265
qemu-kvm_1.1.2+dfsg-6+deb7u10.debian.tar.gz
e384c72cc3de94c9168280934b3629fb0778372f 1680630
qemu-kvm_1.1.2+dfsg-6+deb7u10_amd64.deb
ff5b4675eccd3ea0bdcfa4f7037859d7e629c7ab 5273410
qemu-kvm-dbg_1.1.2+dfsg-6+deb7u10_amd64.deb
db1f29ab8462c94f014b7471e51b1c76e0a840ed 24762
kvm_1.1.2+dfsg-6+deb7u10_amd64.deb
Checksums-Sha256:
c1aca86b56076eb4ba645440533181d3ead183d25bf0432fef85809bb10e3cc8 2141
qemu-kvm_1.1.2+dfsg-6+deb7u10.dsc
8961c1b99215cb8a5d7698e5eee9a6cb6102e364a788005129480e7b2e516d4a 106265
qemu-kvm_1.1.2+dfsg-6+deb7u10.debian.tar.gz
fd8ee23d8a102d3c415cd5dc9d7da7be4e239eb8245a378ae159df6ba00a9c52 1680630
qemu-kvm_1.1.2+dfsg-6+deb7u10_amd64.deb
0a572f885bd0dde9330eab8925fdaf5d0173d2fed23e5c98d2d685c50bc9f795 5273410
qemu-kvm-dbg_1.1.2+dfsg-6+deb7u10_amd64.deb
d42e77bfa208f7795459a609a0bd6c2b69c69df60e5f4644b591949917105e76 24762
kvm_1.1.2+dfsg-6+deb7u10_amd64.deb
Files:
349b87d8e8cdc20a8c9e283081e48798 2141 misc optional
qemu-kvm_1.1.2+dfsg-6+deb7u10.dsc
5c29c9f82f6fac56482cff1ad02b62a7 106265 misc optional
qemu-kvm_1.1.2+dfsg-6+deb7u10.debian.tar.gz
08cf5f79f6f216371af82f5194c854ae 1680630 misc optional
qemu-kvm_1.1.2+dfsg-6+deb7u10_amd64.deb
db255c378f9af2698678b59feb8b1215 5273410 debug extra
qemu-kvm-dbg_1.1.2+dfsg-6+deb7u10_amd64.deb
13e1118153c30aeafaea032e8c0916aa 24762 oldlibs extra
kvm_1.1.2+dfsg-6+deb7u10_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJV9WJ6AAoJEL7lnXSkw9fbrbAH/0tRwNtR9R8TYZteYWgNIB8C
9d+F5LZSk/wpRfkh6N533LT1sEbbbsCoMXV8sgDscYTBoGM/n9jKto8T++ySmV4O
wo9ZhFJaJMCtUap0ft1CLnOdvXBwkXUYZ0dJ/q0DCKRNTxOrNt/0hEZEOZlvkh/0
bQOfLEvASpS2RE7C7ZKvHAscs+6iAcjCNPUpRugy60KQE6/JJEvflWtS8PZ9fj4N
n82313wR6eMdUwwyKQeQPbpybbafxOKppdvSQWlmjWgO1ZcVKi0lWs5v0H4m152V
oLOK6I+1vocQ6N0PgwDjVGjzlWBkoa4zo5eqGakFUEwy/HXAdy3u+bOFTZnTtEU=
=1o8y
-----END PGP SIGNATURE-----
--- End Message ---
