Your message dated Sat, 23 Sep 2017 16:28:09 +0000
with message-id <[email protected]>
and subject line Bug#873875: fixed in qemu 1:2.10.0+dfsg-1
has caused the Debian Bug report #873875,
regarding qemu: CVE-2017-13711: Slirp: use-after-free when sending response
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
873875: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873875
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 1:2.8+dfsg-6
Severity: normal
Hi,
the following vulnerability was published for qemu.
CVE-2017-13711[0]:
Slirp: use-after-free when sending response
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-13711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13711
[1] https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html
[2] http://www.openwall.com/lists/oss-security/2017/08/29/6
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:2.10.0+dfsg-1
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 23 Sep 2017 18:35:29 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc
qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc
qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils
qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.10.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description:
qemu - fast processor emulator
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 873851 873875 874606
Changes:
qemu (1:2.10.0+dfsg-1) unstable; urgency=medium
.
* remove blobs, to DFSG'ify it again (there's still
no source for some blobs included in upstream tarball)
There's no way to revert to 2-number version due to prev. upload
* update from upstream git (no changes but include date & commit-id):
multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch
* update previous changelog entry (fix bug/closes refs):
Closes: #873851, CVE-2017-13672
Closes: #874606, CVE-2017-14167
Closes: #873875, CVE-2017-13711
Checksums-Sha1:
496069cb7d0ef69199cc531b55312ad9a802ae2b 5529 qemu_2.10.0+dfsg-1.dsc
c08a48755d68d92f62f658b3715a0ceedf0a4823 7444976 qemu_2.10.0+dfsg.orig.tar.xz
ae09957a5f60b207f0b0677657b3a6a7d95dba55 74340 qemu_2.10.0+dfsg-1.debian.tar.xz
844339e5c8db3b0f7be92a81b29239d6facf5dd8 10792
qemu_2.10.0+dfsg-1_source.buildinfo
Checksums-Sha256:
164b55ac8bc59a9d5c78cbecb31c48288f4eda158feeb4e409494150ec589845 5529
qemu_2.10.0+dfsg-1.dsc
3cfdffeb8a468e9f107643b50de277bcf23a9175f8665054fece994890cf2dd1 7444976
qemu_2.10.0+dfsg.orig.tar.xz
da8ebed6fedcbd3472542ad457e303da2dc28f31b5a189dd73be3b97f7586d5b 74340
qemu_2.10.0+dfsg-1.debian.tar.xz
fc5f462c5f5a57c4848d726922bd076547c4bda2d0e3dad7590548145a23e873 10792
qemu_2.10.0+dfsg-1_source.buildinfo
Files:
86a78f6d29aa45bd23e53be1a184f7f9 5529 otherosfs optional qemu_2.10.0+dfsg-1.dsc
78acff0031aa6cfafb26163ab24024f4 7444976 otherosfs optional
qemu_2.10.0+dfsg.orig.tar.xz
8f86868219b00816f1445fb9241d0262 74340 otherosfs optional
qemu_2.10.0+dfsg-1.debian.tar.xz
98713a5ab25ec702ef81a907429baafe 10792 otherosfs optional
qemu_2.10.0+dfsg-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAlnGf18PHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5ZdRsH/09y6LcED95xrizSZ+p+cWv7Vjy8LcTL5hKW
4jpCEHsnigLWxss4BgAoC3q8GhJB8rw0E5+MYHvLF1r+I/rzDoLZ9sN0WNhHHNEe
ErX3YS2CWiEgrFHb2rbRFZsiIBNO/pMQBpkVt+lgR5jtfovr/kejXQ3LTwPPmAEe
p0kqvq8H/Djv8gyDs0shOPb/h1Q8/JFNmAnJmbr2PYcY1CnW62mFQ0T+jhYpVPcy
62MCU+BOt5gavzKRou83RiTX7hVNfRR2uZ82c7+/wY8yp/+ns7jKus1H1enPNer3
mm041+f/Gj6/MOZ4scYiQOcTm4DhfaGP2kPkDpvEizh99I9LBwM=
=krDC
-----END PGP SIGNATURE-----
--- End Message ---
