Your message dated Thu, 28 Jan 2016 16:24:31 +0000
with message-id <[email protected]>
and subject line Bug#809237: fixed in qemu 1:2.5+dfsg-5
has caused the Debian Bug report #809237,
regarding CVE-2015-8619: hmp: stack based OOB write in hmp_sendkey routine
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
809237: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809237
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 1.3.0+dfsg-1
Severity: important
Tags: security patch upstream
CVE-2015-8619 has been reported against qemu:
Qemu emulator built with the Human Monitor Interface (HMP) support
is vulnerable to an OOB write issue. It occurs while processing
'sendkey' command in hmp_sendkey routine, if the command argument
is longer than the 'keyname_buf' buffer size.
A user/process could use this flaw to crash the Qemu process instance
resulting in DoS.
The function hmp_sendkey, together with this vulnerability, has been introduced
upstream past 1.2.0 version (e4c8f004c55d9da3eae3e14df740238bf805b5d6).
--- End Message ---
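The bug class described in the report above (an argument longer than a fixed-size name buffer), modelled as an added example with the length check that prevents it. This is not QEMU's code or the Debian patch; `parse_key_combo`, `key_names`, `KEYNAME_BUF_SIZE` and `MAX_KEYS` are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define KEYNAME_BUF_SIZE 16  /* assumed size for this model; not stated in the report */
#define MAX_KEYS 8           /* assumed limit on keys per combination */

/* Parsed key names; each slot is a fixed-size buffer like 'keyname_buf'. */
static char key_names[MAX_KEYS][KEYNAME_BUF_SIZE];

/*
 * Split a '-'-separated key list ("ctrl-alt-delete") into key_names[].
 * The risky pattern is writing the terminator at an index derived from the
 * input length (buf[len] = 0) without comparing len to the buffer size.
 * Here every length is validated before any byte is written.
 * Returns the number of names parsed, or -1 if the input is rejected.
 */
int parse_key_combo(const char *keys)
{
    int count = 0;

    if (keys == NULL)
        return -1;
    for (;;) {
        const char *sep = strchr(keys, '-');
        size_t len = sep ? (size_t)(sep - keys) : strlen(keys);

        /* Reject empty names, names that cannot fit with their NUL, and a full table. */
        if (len == 0 || len >= KEYNAME_BUF_SIZE || count >= MAX_KEYS)
            return -1;
        memcpy(key_names[count], keys, len);
        key_names[count][len] = '\0';   /* safe: len < KEYNAME_BUF_SIZE */
        count++;
        if (sep == NULL)
            return count;
        keys = sep + 1;
    }
}

int main(void)
{
    /* Constructed inputs: a normal combination and an over-long argument. */
    printf("%d\n", parse_key_combo("ctrl-alt-delete"));
    printf("%d\n", parse_key_combo("ctrl-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"));
    return 0;
}
```

Rejecting the over-long name outright, rather than truncating it, keeps a mistyped or hostile argument from being silently mapped to some other key.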
--- Begin Message ---
Source: qemu
Source-Version: 1:2.5+dfsg-5
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 28 Jan 2016 18:39:21 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc
qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc
qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils
qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.5+dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description:
qemu - fast processor emulator
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 809237 812307
Changes:
qemu (1:2.5+dfsg-5) unstable; urgency=medium
.
* fix misspellings in previous debian/changelog entry
* e1000-eliminate-infinite-loops-on-out-of-bounds-start-CVE-2016-1981.patch
(Closes: #812307, CVE-2016-1981)
* hmp-fix-sendkey-out-of-bounds-write-CVE-2015-8619.patch
(Closes: #809237, CVE-2015-8619)
* use `command -v' instead of `type' to check for command existence
Checksums-Sha1:
5179819721983de0f93cb2efd613c2a8c57d63ef 5373 qemu_2.5+dfsg-5.dsc
8710af27e1f8eb16c6b5089caa2abbe01008ffda 70696 qemu_2.5+dfsg-5.debian.tar.xz
Checksums-Sha256:
e6293619e1f655723484fa68be6a24436a58bbeae04a64b97cbfb425a2315942 5373 qemu_2.5+dfsg-5.dsc
9214c2521fe986187161398a6b38a2c8c8043320ac9f93014e1d3499e2f9a61f 70696 qemu_2.5+dfsg-5.debian.tar.xz
Files:
ea3a812f401deba75fcea5e1119cbb2a 5373 otherosfs optional qemu_2.5+dfsg-5.dsc
7175a5aa7e2d7072a1abaf1399e89368 70696 otherosfs optional qemu_2.5+dfsg-5.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
--- End Message ---