Your message dated Thu, 15 Sep 2016 10:41:28 +0000
with message-id <e1bku6i-00067w...@franck.debian.org>
and subject line Bug#835031: fixed in qemu 1:2.6+dfsg-3.1
has caused the Debian Bug report #835031,
regarding qemu: CVE-2016-6835: buffer overflow in vmxnet_tx_pkt_parse_headers() 
in vmxnet3 device emulation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
835031: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835031
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Version: 1:2.1+dfsg-11
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for qemu.

CVE-2016-6835[0]:
|buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device
|emulation

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6835
[1] http://www.openwall.com/lists/oss-security/2016/08/11/7

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:2.6+dfsg-3.1

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 835...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrew James <aja...@hpe.com> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Sep 2016 00:56:18 -0600
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc 
qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc 
qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils 
qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.6+dfsg-3.1
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Andrew James <aja...@hpe.com>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 832619 832621 832767 834902 834904 834905 834944 835031 836502 837174 
837339 837603
Changes:
 qemu (1:2.6+dfsg-3.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Security fixes from upstream:
    - virtio-error-out-if-guest-exceeds-virtqueue-size-CVE-2015-5403.patch
      (Closes: #832619, CVE-2015-5403)
    - scsi-pvscsi-avoid-infinite-loop-while-building-SG-list.patch
      (Closes: #837339, CVE-2016-7156)
    - scsi-pvscsi-check-page-count-while-initialising-descriptor-rings.patch
      (Closes: #837174, CVE-2016-7155)
    - CVE-2016-6351: scsi-esp-make-cmdbuf-big-enough-for-maximum-CDB-size.patch
      and scsi-esp-fix-migration.patch (Closes: #832621, CVE-2016-6351)
    - virtio-check-vring-descriptor-buffer-length.patch
      (Closes: #832767, CVE-2016-6490)
    - net-vmxnet3-check-for-device_active-before-write.patch
      (Closes: #834904, CVE-2016-6833)
    - net-check-fragment-length-during-fragmentation.patch
      (Closes: #834905, CVE-2016-6834)
    - net-vmxnet-check-IP-header-length.patch (Closes: #835031, CVE-2016-6835)
    - net-vmxnet-initialise-local-tx-descriptor.patch
      (Closes: #834944, CVE-2016-6836)
    - net-vmxnet-use-g_new-for-pkt-initialisation.patch
      (Closes: #834902, CVE-2016-6888)
    - CVE-2016-7116: 9pfs-forbid-.-and-.-in-file-names.patch,
      9pfs-forbid-illegal-path-names.patch and
      9pfs-handle-walk-of-.-in-the-root-directory.patch
      (Closes: #836502, CVE-2016-7116)
    - CVE-2016-7157: scsi-mptconfig-fix-an-assert-expression.patch and
      scsi-mptconfig-fix-misuse-of-MPTSAS_CONFIG_PACK.patch
      (Closes: #837603, CVE-2016-7157)
Checksums-Sha1:
 bf66462cda47f5c0d632267cbe911948621f7082 5710 qemu_2.6+dfsg-3.1.dsc
 47c8c4936191f6c519adf83c2075dd6f56a41d34 89656 qemu_2.6+dfsg-3.1.debian.tar.xz
 9cf1c73077978b4908f1c109f4f56830b1b43973 143930 
qemu-block-extra-dbgsym_2.6+dfsg-3.1_amd64.deb
 33dd102b41362da6ba087928d59ba611013bd735 83816 
qemu-block-extra_2.6+dfsg-3.1_amd64.deb
 af3de849c0f92177f2e51f95dc4701bd38692adc 492396 
qemu-guest-agent-dbgsym_2.6+dfsg-3.1_amd64.deb
 b70eff00971d7141a69b102d49cd58ef2240b00a 201304 
qemu-guest-agent_2.6+dfsg-3.1_amd64.deb
 5bd9a721813093bbff7d3f6162d0e2be3a8937b5 55664 qemu-kvm_2.6+dfsg-3.1_amd64.deb
 3ac260c49aa440f5cab45a896aa7019f4e8e6b1d 20914036 
qemu-system-arm-dbgsym_2.6+dfsg-3.1_amd64.deb
 5eb933b77a3cf54ceacfd1a9ffb2264be62d473d 4634042 
qemu-system-arm_2.6+dfsg-3.1_amd64.deb
 ee5153b569d7a0b50782089763c509caab1d5275 100404 
qemu-system-common-dbgsym_2.6+dfsg-3.1_amd64.deb
 9a990e248f83b384da364cc5ba4b37a78327ad3c 359064 
qemu-system-common_2.6+dfsg-3.1_amd64.deb
 a105262d5cb2b213df643e9e717df5c86b70a336 35703238 
qemu-system-mips-dbgsym_2.6+dfsg-3.1_amd64.deb
 835f931f5c73cf1b5ee3258ea22c2b225f4a4303 7863108 
qemu-system-mips_2.6+dfsg-3.1_amd64.deb
 7ba4ad0422a9caf3184a20b7ff34177a694a3d28 89695754 
qemu-system-misc-dbgsym_2.6+dfsg-3.1_amd64.deb
 d31465b767255bb185fbff70f056a5256011c5ad 7892372 
qemu-system-misc_2.6+dfsg-3.1_amd64.deb
 2baf998a2f58d13a2fa3a9c3b639214df57e60ec 27732248 
qemu-system-ppc-dbgsym_2.6+dfsg-3.1_amd64.deb
 52ed24e546147ca5d1034c8ecfda038fd1cddd56 6192912 
qemu-system-ppc_2.6+dfsg-3.1_amd64.deb
 cdb611f68b7a25503bde9f1fdd21e98bb898425f 13383080 
qemu-system-sparc-dbgsym_2.6+dfsg-3.1_amd64.deb
 a170bc9fefd36396e5630d6a67a4179bbd6514c1 2236978 
qemu-system-sparc_2.6+dfsg-3.1_amd64.deb
 1032e4df58a538e94a5815a6c16f92ae31c2e2a7 19440990 
qemu-system-x86-dbgsym_2.6+dfsg-3.1_amd64.deb
 502f5747850fed15eb0df922d8a623a7429c0158 4234498 
qemu-system-x86_2.6+dfsg-3.1_amd64.deb
 a42891382597c7993e94112068d9b81ee6a0117c 54748 
qemu-system_2.6+dfsg-3.1_amd64.deb
 a77bf386e55710aad69f6767d41b0f34a2a2459d 2584 
qemu-user-binfmt_2.6+dfsg-3.1_amd64.deb
 f32296d142955bb01b26a5d3af521f6497dec44d 50182440 
qemu-user-dbgsym_2.6+dfsg-3.1_amd64.deb
 27ab3eda7d11fc9e5208fdff60015d2f1af60d2d 58001998 
qemu-user-static-dbgsym_2.6+dfsg-3.1_amd64.deb
 04b8b3b50aae5eb9fac8c597f0526c0674d82566 7106340 
qemu-user-static_2.6+dfsg-3.1_amd64.deb
 4567f77a0d22762d869c6016ed35d663766cfd52 6663690 
qemu-user_2.6+dfsg-3.1_amd64.deb
 b76584808f25e75bea788c66825e7f2c2a251bbd 5590120 
qemu-utils-dbgsym_2.6+dfsg-3.1_amd64.deb
 f763b0ed4cb1502cc1d6cc2c659d2e756f0ad6d9 732676 
qemu-utils_2.6+dfsg-3.1_amd64.deb
 3140e03fe609da33ccf0ef25e90b249ca811a743 135338 qemu_2.6+dfsg-3.1_amd64.deb
Checksums-Sha256:
 69ee38f934c734f7e1a6d669289285e1b64454e768e0b3d50f78523f44fb6659 5710 
qemu_2.6+dfsg-3.1.dsc
 9780cb056c6f1dd080b81de507cb29778e6f1e61ae5975cf054a66488e73ff46 89656 
qemu_2.6+dfsg-3.1.debian.tar.xz
 73181139a1736d9ad65f773e299d2add6ac85d4f1f40a52558c5f2b425d917d4 143930 
qemu-block-extra-dbgsym_2.6+dfsg-3.1_amd64.deb
 e747711b2dec6dc4875d8d8d0fd4a84ecc2ee396c8c220d0de5054a0ac56a3dd 83816 
qemu-block-extra_2.6+dfsg-3.1_amd64.deb
 ca19c3f0ed24b4dc22dd73e789bdecec732b0757e43ab7ad913b51a7ced5da51 492396 
qemu-guest-agent-dbgsym_2.6+dfsg-3.1_amd64.deb
 d89c6c0a44e80928ffc69f75f5dee1067df8b9296986fad2b4fae7fd7fcc39c4 201304 
qemu-guest-agent_2.6+dfsg-3.1_amd64.deb
 57316d0f211b7e1e6b5cf0134f0c35bc95fb6a4719a2608b15361a3cb0a9ac5a 55664 
qemu-kvm_2.6+dfsg-3.1_amd64.deb
 a08e4bea1db4d89c729f3bffd37a92465555e36387e7de80aef6cdf90145bff8 20914036 
qemu-system-arm-dbgsym_2.6+dfsg-3.1_amd64.deb
 ac1ab3e2852ff1fb59d12a69435184de4fcd3c4b2f5a7b8b96f7489e7c8c9779 4634042 
qemu-system-arm_2.6+dfsg-3.1_amd64.deb
 4d929d06228cb83550b3a7b1ec5dcef7a351f0c10450d4c339cdf4e1d0de1a16 100404 
qemu-system-common-dbgsym_2.6+dfsg-3.1_amd64.deb
 5bda13ce9299860c7368b4c9c211686c085de3840f5353aea97b09684bac2ce5 359064 
qemu-system-common_2.6+dfsg-3.1_amd64.deb
 82938f6fb502125a349f95c960b1c52f32f26f6f70a34502076edb2d48b1b9ef 35703238 
qemu-system-mips-dbgsym_2.6+dfsg-3.1_amd64.deb
 4033c8cff650cec778826f74ef8e516ba5c9d8e1db73577cbdeaadfe24c76168 7863108 
qemu-system-mips_2.6+dfsg-3.1_amd64.deb
 37e786b98fac23f1779060e704095f3bf7aa02f8b10a829a5ade3112cd3e0025 89695754 
qemu-system-misc-dbgsym_2.6+dfsg-3.1_amd64.deb
 6785bd507da27e702ee470ce0d5caf05e25cd23bea37fb01dd34ced10a592220 7892372 
qemu-system-misc_2.6+dfsg-3.1_amd64.deb
 7b6905a114ee19ce42523eb9829da0251c550bfc5deb277bec821f0ce5b5bbb6 27732248 
qemu-system-ppc-dbgsym_2.6+dfsg-3.1_amd64.deb
 6f0356329abb064f6b98ab146efeeece156206c680bb2012218cd010e231eb3f 6192912 
qemu-system-ppc_2.6+dfsg-3.1_amd64.deb
 4737e4fd86153737ecbc85bc53ad859f118a01042be6a4bc10d681818ff16592 13383080 
qemu-system-sparc-dbgsym_2.6+dfsg-3.1_amd64.deb
 55eabdd62d7e2781e08aca978be2cc9aa761a26de9c857724445833a403aa639 2236978 
qemu-system-sparc_2.6+dfsg-3.1_amd64.deb
 d47e4ef8c2c27abdbd596f51d792e80af08f2615e3ebd55c02aa3305ea18e594 19440990 
qemu-system-x86-dbgsym_2.6+dfsg-3.1_amd64.deb
 fb6c7b237797bc43f1b91e3a7a65ae805cdfecce8438bf49f08f4de0c43e1f67 4234498 
qemu-system-x86_2.6+dfsg-3.1_amd64.deb
 64bfbc0eead350cbce0136710cf8f4fe87fa365e5e212a773422c5f8918d1e9a 54748 
qemu-system_2.6+dfsg-3.1_amd64.deb
 4b7b6a709d7bacaca2fbd18a538df92173fe8e8a900446d3cc5d01cb0e9a3525 2584 
qemu-user-binfmt_2.6+dfsg-3.1_amd64.deb
 77a66e1bc16c319415196b47c7aa8159ab6a7d8e873da923713afbbb689c7b92 50182440 
qemu-user-dbgsym_2.6+dfsg-3.1_amd64.deb
 0c3504db0550f85730af2f205ddc3b881cbef78f1dc0bdd48164c18c7ff48ce1 58001998 
qemu-user-static-dbgsym_2.6+dfsg-3.1_amd64.deb
 6c3ac0cc8fc428e32057d4c2294533e3bba055e845dc445bd734643c5c25870f 7106340 
qemu-user-static_2.6+dfsg-3.1_amd64.deb
 7e5b704578adc13b043b7917b392552d78389f0c1a906d02d534771e2a2945b8 6663690 
qemu-user_2.6+dfsg-3.1_amd64.deb
 c64a1a001c8d9f5ca304dc99e7094d890f2dda79a2f80900a77df8a916e2a7d4 5590120 
qemu-utils-dbgsym_2.6+dfsg-3.1_amd64.deb
 7038abf37406c9b931a369cd2bb3a50b47b1959a6b60e00002ea2d0a9f707acf 732676 
qemu-utils_2.6+dfsg-3.1_amd64.deb
 2648b0bbc3a5ec67cb0c908986920c0167ba3df8e06e20c55136b185eebbcdee 135338 
qemu_2.6+dfsg-3.1_amd64.deb
Files:
 18887869c1fc44c20cac711df28a4483 5710 otherosfs optional qemu_2.6+dfsg-3.1.dsc
 f7076da540bd8d56699560cc0585891e 89656 otherosfs optional 
qemu_2.6+dfsg-3.1.debian.tar.xz
 d6171261fab96603931e3c4a787809e3 143930 debug extra 
qemu-block-extra-dbgsym_2.6+dfsg-3.1_amd64.deb
 6fa3fc2c04ddecc32cadffd16ffbd4a7 83816 otherosfs optional 
qemu-block-extra_2.6+dfsg-3.1_amd64.deb
 9d2eb4dc9f9c96fa39c6581aa0b682a1 492396 debug extra 
qemu-guest-agent-dbgsym_2.6+dfsg-3.1_amd64.deb
 8fb9bd8d5443d311431279845a272abd 201304 otherosfs optional 
qemu-guest-agent_2.6+dfsg-3.1_amd64.deb
 3278ab31e2abe90d8e1099ba1d339f5a 55664 otherosfs optional 
qemu-kvm_2.6+dfsg-3.1_amd64.deb
 7442cbc460ae60ccd5fa0e227d31bd33 20914036 debug extra 
qemu-system-arm-dbgsym_2.6+dfsg-3.1_amd64.deb
 61d1a16f43ba8d2a6bdb2bad567f99a1 4634042 otherosfs optional 
qemu-system-arm_2.6+dfsg-3.1_amd64.deb
 8d3572e04f8e7aadb638035b096ce5d9 100404 debug extra 
qemu-system-common-dbgsym_2.6+dfsg-3.1_amd64.deb
 59dc7d579d5f780a8d21caab1c290e53 359064 otherosfs optional 
qemu-system-common_2.6+dfsg-3.1_amd64.deb
 948b227aaad26c6d6272aacce4b27bf0 35703238 debug extra 
qemu-system-mips-dbgsym_2.6+dfsg-3.1_amd64.deb
 e6d97fd66478ac5a55012fa84f431dbd 7863108 otherosfs optional 
qemu-system-mips_2.6+dfsg-3.1_amd64.deb
 a07866ca28f8b431f71cadac38b36877 89695754 debug extra 
qemu-system-misc-dbgsym_2.6+dfsg-3.1_amd64.deb
 51e786e3a102ed78aaea9089681cbecf 7892372 otherosfs optional 
qemu-system-misc_2.6+dfsg-3.1_amd64.deb
 68b34a914a74dfac3977083df2b60ead 27732248 debug extra 
qemu-system-ppc-dbgsym_2.6+dfsg-3.1_amd64.deb
 2c820c85049ac60d683c7f882d2d044f 6192912 otherosfs optional 
qemu-system-ppc_2.6+dfsg-3.1_amd64.deb
 a8b38af2de3604634bd0d11a6f7cff68 13383080 debug extra 
qemu-system-sparc-dbgsym_2.6+dfsg-3.1_amd64.deb
 b8b4618a1c626b3e8566e4252e6c27db 2236978 otherosfs optional 
qemu-system-sparc_2.6+dfsg-3.1_amd64.deb
 5b06fce9bd186c77c5a79e8af776cbea 19440990 debug extra 
qemu-system-x86-dbgsym_2.6+dfsg-3.1_amd64.deb
 3097aefae94c0785e0668c87ca028cb7 4234498 otherosfs optional 
qemu-system-x86_2.6+dfsg-3.1_amd64.deb
 ba161ca18f9fdaed4863bf5eac1c995a 54748 otherosfs optional 
qemu-system_2.6+dfsg-3.1_amd64.deb
 2843a7bf47debb47efa63a958984d00f 2584 otherosfs optional 
qemu-user-binfmt_2.6+dfsg-3.1_amd64.deb
 064a0f634eb3c617d8ddf2d6638fc2fe 50182440 debug extra 
qemu-user-dbgsym_2.6+dfsg-3.1_amd64.deb
 695313e4cd67cd433ea1082178a46354 58001998 debug extra 
qemu-user-static-dbgsym_2.6+dfsg-3.1_amd64.deb
 f27d9591670d112be1616552353334ce 7106340 otherosfs optional 
qemu-user-static_2.6+dfsg-3.1_amd64.deb
 6275c63dcd5355c1add9d43fb7555e38 6663690 otherosfs optional 
qemu-user_2.6+dfsg-3.1_amd64.deb
 e3a3fa84d305793f661bab4cdf2ca6ca 5590120 debug extra 
qemu-utils-dbgsym_2.6+dfsg-3.1_amd64.deb
 e725753bd27a236a79635644790c853b 732676 otherosfs optional 
qemu-utils_2.6+dfsg-3.1_amd64.deb
 64b5c2a788ce013229b696bc82f6d71d 135338 otherosfs optional 
qemu_2.6+dfsg-3.1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX2fTRAAoJELJMpj9uu+hNoXYQAK8yY+Gb2GMzTBDo/fUgS0DM
QBaB0KcKMLViCnkoARF8ECBmrMo5NBVw0vCxO32f81VeeERlH67+vY72c8ST2+LF
9DkZVtMjqwlqc9HbWSnC+InvJ2R/fVWuuaQKnbv0ItNeRrlBuZ1UWbq68md0BZix
NuKCGVjcMFVVCtJyRzO1LkBADcRtRwhwXU8JT34M9mMuoUJoASZzaD8sxBRt1D4a
D9h1+M8pXFDCBRC+w+IOKSeaLLU2dlF0wno7T2QEgB/v+M1vr/21M4bohc5oklqE
uLFJxOw+CDBCLHO1wELTBx/nvSjr8tznNXR3KkfjqKfTtHgjfWkGBaDIcPFNty+J
qdwz9jbVOYIW0JhgfNL7/G4mUDYfwTAhcEH9r47OxifKyVhfmaTKi5j8P1NjuNtH
wdKJpM+Tu20agSqXuQApVQeEm3599vzBy9AnU40JAU9Lzw2cxWJl+cicy+Vn0bbU
vsfX5xQRoWYELmZFoZ4MRI9nI6j49UHkBVjsGJ7d4HS0MWoOo5b7Uz0WCxFrmPPp
bFmSk3+Rhf+rMvOn7PQxwvCY4KMVXdWs/58OS8xhlOuTKGecm/dgxqtXCNFD+L9J
NXBLTpf7JJeQuTkjt99iuhrsuh7rG2qtLAlZQotuw8aU4Abc2s5BP9nLtz7jovMY
YsREvKE1gJNwMo3ME6Vr
=FFhI
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to