Your message dated Tue, 27 Aug 2019 10:25:04 +0000
with message-id <[email protected]>
and subject line Bug#931351: fixed in qemu 1:4.1-1
has caused the Debian Bug report #931351,
regarding qemu: CVE-2019-13164: qemu-bridge-helper ACL bypassed with long
interface names
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
931351: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931351
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 1:3.1+dfsg-8
Severity: important
Tags: security upstream
Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html
Control: found -1 1:3.1+dfsg-8~deb10u1
Hi,
The following vulnerability was published for qemu.
CVE-2019-12164[0]:
qemu-bridge-helper ACL bypassed with long interface names
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-12164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12164
[1] https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:4.1-1
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 27 Aug 2019 12:43:43 +0300
Source: qemu
Architecture: source
Version: 1:4.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 897054 916442 922461 922923 927924 931351 933741 935324
Changes:
qemu (1:4.1-1) unstable; urgency=medium
.
* new upstream release v4.1
Closes: #933741, CVE-2019-14378 (slirp buff overflow in packet reassembly)
(use internal slirp copy for now)
Closes: #931351, CVE-2019-13164 (qemu-bridge-helper long IFNAME)
Closes: #922923, CVE-2019-8934 (ppc64 emulator leaks hw identity)
Closes: #916442, CVE-2018-20123 (pvrdma memory leak in device hotplug)
Closes: #922461, CVE-2018-20124 (pvrdma num_sge can exceed MAX_SGE)
Closes: #927924 (new upstream version)
Closes: #897054 (AMD Zen CPU support)
Closes: #935324 (FTBFS due to gluster API change)
Closes: #916442, CVE-2018-20123 (pvrdma: memleak after init error)
Closes: #922461, CVE-2018-20124 (pvrdma: OOB access with large num_sge)
Closes: CVE-2018-20125 (pvrdma: DoS in create_cq_ring|create_qp_rings)
Closes: CVE-2018-20126 (pvrdma: memleaks in create_cq_ring|create_qp_rings)
Closes: CVE-2018-20191 (pvrdma: DoS due to missing read operation impl.)
Closes: CVE-2018-20216 (pvrdma: infinite loop in pvrdma_dev_ring.c)
* remove patches which are applied upstream, refresh remaining patches
(bt-use-size_t-...-CVE-2018-19665.patch hasn't been applied upstream,
bluetooth subsystem is going to be removed, we keep it for now)
* debian/source/options: ignore slirp/ submodule
* use python3 for building, not python
* debian/optionrom.mk: add pvh.bin
* switch from libssh2 to libssh, and enable libssh support in ubuntu
* bump spice version requirement to 0.12.5
* enable pvrdma
* debian/control-in: remove reference to libsdl
* debian/rules: add new objects for s390-ccw fw
* debian/control: add build dependency on python3-sphinx for docs
* install ui/icons/qemu.svg and qemu.desktop
* debian/rules: remove pc-bios/bamboo.dtb before building it
* install vhost-user-gpu binary and 50-qemu-gpu.json
* debian/rules: remove old maintscript-helper invocations, not needed anymore
* remove +dfsg for now, upload whole upstream source, will trim it later
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---