Your message dated Thu, 15 Sep 2016 10:41:27 +0000
with message-id <e1bku6h-000678...@franck.debian.org>
and subject line Bug#834902: fixed in qemu 1:2.6+dfsg-3.1
has caused the Debian Bug report #834902,
regarding qemu: CVE-2016-6888
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
834902: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834902
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Version: 1:2.1+dfsg-11
Severity: normal
Tags: security upstream
Hi,
the following vulnerability was published for qemu.
CVE-2016-6888[0]:
net: vmxnet: integer overflow in packet initialisation
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-6888
[1]
http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:2.6+dfsg-3.1
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 834...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrew James <aja...@hpe.com> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 14 Sep 2016 00:56:18 -0600
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc
qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc
qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils
qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.6+dfsg-3.1
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Andrew James <aja...@hpe.com>
Description:
qemu - fast processor emulator
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 832619 832621 832767 834902 834904 834905 834944 835031 836502 837174
837339 837603
Changes:
qemu (1:2.6+dfsg-3.1) unstable; urgency=high
.
* Non-maintainer upload.
* Security fixes from upstream:
- virtio-error-out-if-guest-exceeds-virtqueue-size-CVE-2015-5403.patch
(Closes: #832619, CVE-2015-5403)
- scsi-pvscsi-avoid-infinite-loop-while-building-SG-list.patch
(Closes: #837339, CVE-2016-7156)
- scsi-pvscsi-check-page-count-while-initialising-descriptor-rings.patch
(Closes: #837174, CVE-2016-7155)
- CVE-2016-6351: scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch
and scsi-esp-fix-migration.patch (Closes: #832621, CVE-2016-6351)
- virtio-check-vring-descriptor-buffer-length.patch
(Closes: #832767, CVE-2016-6490)
- net-vmxnet3-check-for-device_active-before-write.patch
(Closes: #834904, CVE-2016-6833)
- net-check-fragment-length-during-fragmentation.patch
(Closes: #834905, CVE-2016-6834)
- net-vmxnet-check-IP-header-length.patch (Closes: #835031, CVE-2016-6835)
- net-vmxnet-initialise-local-tx-descriptor.patch
(Closes: #834944, CVE-2016-6836)
- net-vmxnet-use-g_new-for-pkt-initialisation.patch
(Closes: #834902, CVE-2016-6888)
- CVE-2016-7116: 9pfs-forbid-.-and-.-in-file-names.patch,
9pfs-forbid-illegal-path-names.patch and
9pfs-handle-walk-of-.-in-the-root-directory.patch
(Closes: #836502, CVE-2016-7116)
- CVE-2016-7157: scsi-mptconfig-fix-an-assert-expression.patch and
scsi-mptconfig-fix-misuse-of-MPTSAS_CONFIG_PACK.patch
(Closes: #837603, CVE-2016-7157)
Checksums-Sha1:
bf66462cda47f5c0d632267cbe911948621f7082 5710 qemu_2.6+dfsg-3.1.dsc
47c8c4936191f6c519adf83c2075dd6f56a41d34 89656 qemu_2.6+dfsg-3.1.debian.tar.xz
9cf1c73077978b4908f1c109f4f56830b1b43973 143930
qemu-block-extra-dbgsym_2.6+dfsg-3.1_amd64.deb
33dd102b41362da6ba087928d59ba611013bd735 83816
qemu-block-extra_2.6+dfsg-3.1_amd64.deb
af3de849c0f92177f2e51f95dc4701bd38692adc 492396
qemu-guest-agent-dbgsym_2.6+dfsg-3.1_amd64.deb
b70eff00971d7141a69b102d49cd58ef2240b00a 201304
qemu-guest-agent_2.6+dfsg-3.1_amd64.deb
5bd9a721813093bbff7d3f6162d0e2be3a8937b5 55664 qemu-kvm_2.6+dfsg-3.1_amd64.deb
3ac260c49aa440f5cab45a896aa7019f4e8e6b1d 20914036
qemu-system-arm-dbgsym_2.6+dfsg-3.1_amd64.deb
5eb933b77a3cf54ceacfd1a9ffb2264be62d473d 4634042
qemu-system-arm_2.6+dfsg-3.1_amd64.deb
ee5153b569d7a0b50782089763c509caab1d5275 100404
qemu-system-common-dbgsym_2.6+dfsg-3.1_amd64.deb
9a990e248f83b384da364cc5ba4b37a78327ad3c 359064
qemu-system-common_2.6+dfsg-3.1_amd64.deb
a105262d5cb2b213df643e9e717df5c86b70a336 35703238
qemu-system-mips-dbgsym_2.6+dfsg-3.1_amd64.deb
835f931f5c73cf1b5ee3258ea22c2b225f4a4303 7863108
qemu-system-mips_2.6+dfsg-3.1_amd64.deb
7ba4ad0422a9caf3184a20b7ff34177a694a3d28 89695754
qemu-system-misc-dbgsym_2.6+dfsg-3.1_amd64.deb
d31465b767255bb185fbff70f056a5256011c5ad 7892372
qemu-system-misc_2.6+dfsg-3.1_amd64.deb
2baf998a2f58d13a2fa3a9c3b639214df57e60ec 27732248
qemu-system-ppc-dbgsym_2.6+dfsg-3.1_amd64.deb
52ed24e546147ca5d1034c8ecfda038fd1cddd56 6192912
qemu-system-ppc_2.6+dfsg-3.1_amd64.deb
cdb611f68b7a25503bde9f1fdd21e98bb898425f 13383080
qemu-system-sparc-dbgsym_2.6+dfsg-3.1_amd64.deb
a170bc9fefd36396e5630d6a67a4179bbd6514c1 2236978
qemu-system-sparc_2.6+dfsg-3.1_amd64.deb
1032e4df58a538e94a5815a6c16f92ae31c2e2a7 19440990
qemu-system-x86-dbgsym_2.6+dfsg-3.1_amd64.deb
502f5747850fed15eb0df922d8a623a7429c0158 4234498
qemu-system-x86_2.6+dfsg-3.1_amd64.deb
a42891382597c7993e94112068d9b81ee6a0117c 54748
qemu-system_2.6+dfsg-3.1_amd64.deb
a77bf386e55710aad69f6767d41b0f34a2a2459d 2584
qemu-user-binfmt_2.6+dfsg-3.1_amd64.deb
f32296d142955bb01b26a5d3af521f6497dec44d 50182440
qemu-user-dbgsym_2.6+dfsg-3.1_amd64.deb
27ab3eda7d11fc9e5208fdff60015d2f1af60d2d 58001998
qemu-user-static-dbgsym_2.6+dfsg-3.1_amd64.deb
04b8b3b50aae5eb9fac8c597f0526c0674d82566 7106340
qemu-user-static_2.6+dfsg-3.1_amd64.deb
4567f77a0d22762d869c6016ed35d663766cfd52 6663690
qemu-user_2.6+dfsg-3.1_amd64.deb
b76584808f25e75bea788c66825e7f2c2a251bbd 5590120
qemu-utils-dbgsym_2.6+dfsg-3.1_amd64.deb
f763b0ed4cb1502cc1d6cc2c659d2e756f0ad6d9 732676
qemu-utils_2.6+dfsg-3.1_amd64.deb
3140e03fe609da33ccf0ef25e90b249ca811a743 135338 qemu_2.6+dfsg-3.1_amd64.deb
Checksums-Sha256:
69ee38f934c734f7e1a6d669289285e1b64454e768e0b3d50f78523f44fb6659 5710
qemu_2.6+dfsg-3.1.dsc
9780cb056c6f1dd080b81de507cb29778e6f1e61ae5975cf054a66488e73ff46 89656
qemu_2.6+dfsg-3.1.debian.tar.xz
73181139a1736d9ad65f773e299d2add6ac85d4f1f40a52558c5f2b425d917d4 143930
qemu-block-extra-dbgsym_2.6+dfsg-3.1_amd64.deb
e747711b2dec6dc4875d8d8d0fd4a84ecc2ee396c8c220d0de5054a0ac56a3dd 83816
qemu-block-extra_2.6+dfsg-3.1_amd64.deb
ca19c3f0ed24b4dc22dd73e789bdecec732b0757e43ab7ad913b51a7ced5da51 492396
qemu-guest-agent-dbgsym_2.6+dfsg-3.1_amd64.deb
d89c6c0a44e80928ffc69f75f5dee1067df8b9296986fad2b4fae7fd7fcc39c4 201304
qemu-guest-agent_2.6+dfsg-3.1_amd64.deb
57316d0f211b7e1e6b5cf0134f0c35bc95fb6a4719a2608b15361a3cb0a9ac5a 55664
qemu-kvm_2.6+dfsg-3.1_amd64.deb
a08e4bea1db4d89c729f3bffd37a92465555e36387e7de80aef6cdf90145bff8 20914036
qemu-system-arm-dbgsym_2.6+dfsg-3.1_amd64.deb
ac1ab3e2852ff1fb59d12a69435184de4fcd3c4b2f5a7b8b96f7489e7c8c9779 4634042
qemu-system-arm_2.6+dfsg-3.1_amd64.deb
4d929d06228cb83550b3a7b1ec5dcef7a351f0c10450d4c339cdf4e1d0de1a16 100404
qemu-system-common-dbgsym_2.6+dfsg-3.1_amd64.deb
5bda13ce9299860c7368b4c9c211686c085de3840f5353aea97b09684bac2ce5 359064
qemu-system-common_2.6+dfsg-3.1_amd64.deb
82938f6fb502125a349f95c960b1c52f32f26f6f70a34502076edb2d48b1b9ef 35703238
qemu-system-mips-dbgsym_2.6+dfsg-3.1_amd64.deb
4033c8cff650cec778826f74ef8e516ba5c9d8e1db73577cbdeaadfe24c76168 7863108
qemu-system-mips_2.6+dfsg-3.1_amd64.deb
37e786b98fac23f1779060e704095f3bf7aa02f8b10a829a5ade3112cd3e0025 89695754
qemu-system-misc-dbgsym_2.6+dfsg-3.1_amd64.deb
6785bd507da27e702ee470ce0d5caf05e25cd23bea37fb01dd34ced10a592220 7892372
qemu-system-misc_2.6+dfsg-3.1_amd64.deb
7b6905a114ee19ce42523eb9829da0251c550bfc5deb277bec821f0ce5b5bbb6 27732248
qemu-system-ppc-dbgsym_2.6+dfsg-3.1_amd64.deb
6f0356329abb064f6b98ab146efeeece156206c680bb2012218cd010e231eb3f 6192912
qemu-system-ppc_2.6+dfsg-3.1_amd64.deb
4737e4fd86153737ecbc85bc53ad859f118a01042be6a4bc10d681818ff16592 13383080
qemu-system-sparc-dbgsym_2.6+dfsg-3.1_amd64.deb
55eabdd62d7e2781e08aca978be2cc9aa761a26de9c857724445833a403aa639 2236978
qemu-system-sparc_2.6+dfsg-3.1_amd64.deb
d47e4ef8c2c27abdbd596f51d792e80af08f2615e3ebd55c02aa3305ea18e594 19440990
qemu-system-x86-dbgsym_2.6+dfsg-3.1_amd64.deb
fb6c7b237797bc43f1b91e3a7a65ae805cdfecce8438bf49f08f4de0c43e1f67 4234498
qemu-system-x86_2.6+dfsg-3.1_amd64.deb
64bfbc0eead350cbce0136710cf8f4fe87fa365e5e212a773422c5f8918d1e9a 54748
qemu-system_2.6+dfsg-3.1_amd64.deb
4b7b6a709d7bacaca2fbd18a538df92173fe8e8a900446d3cc5d01cb0e9a3525 2584
qemu-user-binfmt_2.6+dfsg-3.1_amd64.deb
77a66e1bc16c319415196b47c7aa8159ab6a7d8e873da923713afbbb689c7b92 50182440
qemu-user-dbgsym_2.6+dfsg-3.1_amd64.deb
0c3504db0550f85730af2f205ddc3b881cbef78f1dc0bdd48164c18c7ff48ce1 58001998
qemu-user-static-dbgsym_2.6+dfsg-3.1_amd64.deb
6c3ac0cc8fc428e32057d4c2294533e3bba055e845dc445bd734643c5c25870f 7106340
qemu-user-static_2.6+dfsg-3.1_amd64.deb
7e5b704578adc13b043b7917b392552d78389f0c1a906d02d534771e2a2945b8 6663690
qemu-user_2.6+dfsg-3.1_amd64.deb
c64a1a001c8d9f5ca304dc99e7094d890f2dda79a2f80900a77df8a916e2a7d4 5590120
qemu-utils-dbgsym_2.6+dfsg-3.1_amd64.deb
7038abf37406c9b931a369cd2bb3a50b47b1959a6b60e00002ea2d0a9f707acf 732676
qemu-utils_2.6+dfsg-3.1_amd64.deb
2648b0bbc3a5ec67cb0c908986920c0167ba3df8e06e20c55136b185eebbcdee 135338
qemu_2.6+dfsg-3.1_amd64.deb
Files:
18887869c1fc44c20cac711df28a4483 5710 otherosfs optional qemu_2.6+dfsg-3.1.dsc
f7076da540bd8d56699560cc0585891e 89656 otherosfs optional
qemu_2.6+dfsg-3.1.debian.tar.xz
d6171261fab96603931e3c4a787809e3 143930 debug extra
qemu-block-extra-dbgsym_2.6+dfsg-3.1_amd64.deb
6fa3fc2c04ddecc32cadffd16ffbd4a7 83816 otherosfs optional
qemu-block-extra_2.6+dfsg-3.1_amd64.deb
9d2eb4dc9f9c96fa39c6581aa0b682a1 492396 debug extra
qemu-guest-agent-dbgsym_2.6+dfsg-3.1_amd64.deb
8fb9bd8d5443d311431279845a272abd 201304 otherosfs optional
qemu-guest-agent_2.6+dfsg-3.1_amd64.deb
3278ab31e2abe90d8e1099ba1d339f5a 55664 otherosfs optional
qemu-kvm_2.6+dfsg-3.1_amd64.deb
7442cbc460ae60ccd5fa0e227d31bd33 20914036 debug extra
qemu-system-arm-dbgsym_2.6+dfsg-3.1_amd64.deb
61d1a16f43ba8d2a6bdb2bad567f99a1 4634042 otherosfs optional
qemu-system-arm_2.6+dfsg-3.1_amd64.deb
8d3572e04f8e7aadb638035b096ce5d9 100404 debug extra
qemu-system-common-dbgsym_2.6+dfsg-3.1_amd64.deb
59dc7d579d5f780a8d21caab1c290e53 359064 otherosfs optional
qemu-system-common_2.6+dfsg-3.1_amd64.deb
948b227aaad26c6d6272aacce4b27bf0 35703238 debug extra
qemu-system-mips-dbgsym_2.6+dfsg-3.1_amd64.deb
e6d97fd66478ac5a55012fa84f431dbd 7863108 otherosfs optional
qemu-system-mips_2.6+dfsg-3.1_amd64.deb
a07866ca28f8b431f71cadac38b36877 89695754 debug extra
qemu-system-misc-dbgsym_2.6+dfsg-3.1_amd64.deb
51e786e3a102ed78aaea9089681cbecf 7892372 otherosfs optional
qemu-system-misc_2.6+dfsg-3.1_amd64.deb
68b34a914a74dfac3977083df2b60ead 27732248 debug extra
qemu-system-ppc-dbgsym_2.6+dfsg-3.1_amd64.deb
2c820c85049ac60d683c7f882d2d044f 6192912 otherosfs optional
qemu-system-ppc_2.6+dfsg-3.1_amd64.deb
a8b38af2de3604634bd0d11a6f7cff68 13383080 debug extra
qemu-system-sparc-dbgsym_2.6+dfsg-3.1_amd64.deb
b8b4618a1c626b3e8566e4252e6c27db 2236978 otherosfs optional
qemu-system-sparc_2.6+dfsg-3.1_amd64.deb
5b06fce9bd186c77c5a79e8af776cbea 19440990 debug extra
qemu-system-x86-dbgsym_2.6+dfsg-3.1_amd64.deb
3097aefae94c0785e0668c87ca028cb7 4234498 otherosfs optional
qemu-system-x86_2.6+dfsg-3.1_amd64.deb
ba161ca18f9fdaed4863bf5eac1c995a 54748 otherosfs optional
qemu-system_2.6+dfsg-3.1_amd64.deb
2843a7bf47debb47efa63a958984d00f 2584 otherosfs optional
qemu-user-binfmt_2.6+dfsg-3.1_amd64.deb
064a0f634eb3c617d8ddf2d6638fc2fe 50182440 debug extra
qemu-user-dbgsym_2.6+dfsg-3.1_amd64.deb
695313e4cd67cd433ea1082178a46354 58001998 debug extra
qemu-user-static-dbgsym_2.6+dfsg-3.1_amd64.deb
f27d9591670d112be1616552353334ce 7106340 otherosfs optional
qemu-user-static_2.6+dfsg-3.1_amd64.deb
6275c63dcd5355c1add9d43fb7555e38 6663690 otherosfs optional
qemu-user_2.6+dfsg-3.1_amd64.deb
e3a3fa84d305793f661bab4cdf2ca6ca 5590120 debug extra
qemu-utils-dbgsym_2.6+dfsg-3.1_amd64.deb
e725753bd27a236a79635644790c853b 732676 otherosfs optional
qemu-utils_2.6+dfsg-3.1_amd64.deb
64b5c2a788ce013229b696bc82f6d71d 135338 otherosfs optional
qemu_2.6+dfsg-3.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJX2fTRAAoJELJMpj9uu+hNoXYQAK8yY+Gb2GMzTBDo/fUgS0DM
QBaB0KcKMLViCnkoARF8ECBmrMo5NBVw0vCxO32f81VeeERlH67+vY72c8ST2+LF
9DkZVtMjqwlqc9HbWSnC+InvJ2R/fVWuuaQKnbv0ItNeRrlBuZ1UWbq68md0BZix
NuKCGVjcMFVVCtJyRzO1LkBADcRtRwhwXU8JT34M9mMuoUJoASZzaD8sxBRt1D4a
D9h1+M8pXFDCBRC+w+IOKSeaLLU2dlF0wno7T2QEgB/v+M1vr/21M4bohc5oklqE
uLFJxOw+CDBCLHO1wELTBx/nvSjr8tznNXR3KkfjqKfTtHgjfWkGBaDIcPFNty+J
qdwz9jbVOYIW0JhgfNL7/G4mUDYfwTAhcEH9r47OxifKyVhfmaTKi5j8P1NjuNtH
wdKJpM+Tu20agSqXuQApVQeEm3599vzBy9AnU40JAU9Lzw2cxWJl+cicy+Vn0bbU
vsfX5xQRoWYELmZFoZ4MRI9nI6j49UHkBVjsGJ7d4HS0MWoOo5b7Uz0WCxFrmPPp
bFmSk3+Rhf+rMvOn7PQxwvCY4KMVXdWs/58OS8xhlOuTKGecm/dgxqtXCNFD+L9J
NXBLTpf7JJeQuTkjt99iuhrsuh7rG2qtLAlZQotuw8aU4Abc2s5BP9nLtz7jovMY
YsREvKE1gJNwMo3ME6Vr
=FFhI
-----END PGP SIGNATURE-----
--- End Message ---