Your message dated Wed, 13 May 2020 10:19:04 +0000 with message-id <[email protected]> and subject line Bug#959746: fixed in qemu 1:5.0-5 has caused the Debian Bug report #959746, regarding qemu: CVE-2020-10717 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
959746: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959746
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---
Source: qemu
Version: 1:5.0-4
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for qemu. Unless mistaken this issue is introduced with upstream 01a6dc95ec7f ("virtiofsd: set maximum RLIMIT_NOFILE limit") in 5.0.0-rc0.

CVE-2020-10717[0]:
| virtiofsd: stay below fs.file-max sysctl value

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-10717
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10717
[1] https://www.openwall.com/lists/oss-security/2020/05/04/1

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:5.0-5
Done: Michael Tokarev <[email protected]>

We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Wed, 13 May 2020 12:57:19 +0300
Source: qemu
Architecture: source
Version: 1:5.0-5
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 959746
Changes:
 qemu (1:5.0-5) unstable; urgency=medium
 .
   * more binfmt-install updates
   * CVE-2020-10717 fix from upstream:
     virtiofsd-add-rlimit-nofile-NUM-option.patch (preparational) and
     virtiofsd-stay-below-fs.file-max-CVE-2020-10717.patch
     (Closes: #959746, CVE-2020-10717)
   * 2 patches from upstream/stable to fix io_uring fd set buildup:
     aio-posix-dont-duplicate-fd-handler-deletion-in-fdmon_io_uring_destroy.patch
     aio-posix-disable-fdmon-io_uring-when-GSource-is-used.patch
   * upstream stable fix: hostmem-dont-use-mbind-if-host-nodes-is-empty.patch
   * upstream stable fix:
     net-use-peer-when-purging-queue-in-qemu_flush_or_purge_queue_packets.patch
--- End Message ---

