Your message dated Tue, 17 Aug 2021 15:22:25 +0000
with message-id <[email protected]>
and subject line Bug#991911: fixed in qemu 1:6.0+dfsg-3
has caused the Debian Bug report #991911,
regarding qemu: CVE-2021-3682: free call on invalid pointer in bufp_alloc()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
991911: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991911
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/qemu-project/qemu/-/issues/491
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1:5.2+dfsg-11
Control: found -1 1:3.1+dfsg-8+deb10u8
Control: found -1 1:3.1+dfsg-8
Hi,
The following vulnerability was published for qemu.
CVE-2021-3682[0]:
| usbredir: free call on invalid pointer in bufp_alloc()
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3682
[1] https://gitlab.com/qemu-project/qemu/-/issues/491
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:6.0+dfsg-3
Done: Michael Tokarev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 17 Aug 2021 17:49:10 +0300
Source: qemu
Architecture: source
Version: 1:6.0+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 991911
Changes:
qemu (1:6.0+dfsg-3) unstable; urgency=medium
.
[ Michael Tokarev ]
* enable /run/qemu mount on ubuntu only
* usbredir-fix-free-call-CVE-2021-3682.patchi
Closes: #991911, CVE-2021-3682
.
[ Christian Ehrhardt ]
* ubuntu-only changes:
- d/control-in: Make Ubuntu qemu-utils depend on qemu-block-extra
- d/control-in: Make Ubuntu qemu-system-common depend on qemu-block-extra
- d/control*, d/rules: disable xen by default, but provide universe package
qemu-system-x86-xen as alternative
* d/p/target-s390x-Fix-translation-exception-on-illegal-in.patch:
avoid segfaults by uretprobes (LP 1929926)
Checksums-Sha1:
ee4e255fd481853bc74196c8dd45aadf3351d38c 6622 qemu_6.0+dfsg-3.dsc
18fe77acb0f566af1469b45b080225c63076deea 98044 qemu_6.0+dfsg-3.debian.tar.xz
3cae008779a4e43b6c73eecbe038afe3d0d83f07 9652 qemu_6.0+dfsg-3_source.buildinfo
Checksums-Sha256:
c1236d82aed3e027c3496c76a19fcc5e192c5018a35907bd27f29226d14a974a 6622
qemu_6.0+dfsg-3.dsc
eed5b9a1a34b9b313a9abfe9e48aa68192420312899967bd64c5f66eaf9dd47c 98044
qemu_6.0+dfsg-3.debian.tar.xz
766bebecd9da1a5a981381ad8708ddc305a7f609972ab8d59bb87a78a04e641a 9652
qemu_6.0+dfsg-3_source.buildinfo
Files:
bfbf65c011ec90d6d09c947206c5b828 6622 otherosfs optional qemu_6.0+dfsg-3.dsc
f2c8086c860c423b17283d531a4f29a8 98044 otherosfs optional
qemu_6.0+dfsg-3.debian.tar.xz
16b1ef0d1c191207f56c819f66570107 9652 otherosfs optional
qemu_6.0+dfsg-3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmEbza0PHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5ZpsgH+QEajqj27z/w9xgTr/oiDcM9pQO9fOD4JEVp
NOCmucmtjn9OE2orhOkGUnXtLOgC6jeqH0e7bXHsv1X9v9xKZJ9n928xCpSgJvLs
4bYc3d+4p9Ms2SSxeM3qS67Sos5DE2BKCbewKy1FZYyfUSkdXNLquBhXHUX0TOXR
QbGeKNI9kWA4B6qY+Y4/1I0wFfPXXkngbzl4WPOSmxKAWv40UVmWqp/tuG8TP3bX
vr28ALqO4aN2DctBKW1XZkTGNM8Rk96Qq189Bt05mA+qRYJdsep+eWFjyO1XDwUJ
gnccxmE89bdW3Mh881Qvb0AoDeqjylJt1tDiosNqzSLxqo/l2Oc=
=7kxB
-----END PGP SIGNATURE-----
--- End Message ---