Your message dated Thu, 19 Aug 2021 14:35:28 +0000
with message-id <[email protected]>
and subject line Bug#989996: fixed in libslirp 4.6.1-1
has caused the Debian Bug report #989996,
regarding libslirp: CVE-2021-3595
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
989996: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989996
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libslirp
Version: 4.4.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libslirp.

CVE-2021-3595[0]:
| An invalid pointer initialization issue was found in the SLiRP
| networking implementation of QEMU. The flaw exists in the tftp_input()
| function and could occur while processing a udp packet that is smaller
| than the size of the 'tftp_t' structure. This issue may lead to out-
| of-bounds read access or indirect host memory disclosure to the guest.
| The highest threat from this vulnerability is to data confidentiality.
| This flaw affects libslirp versions prior to 4.6.0.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3595
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3595

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libslirp
Source-Version: 4.6.1-1
Done: Michael Tokarev <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libslirp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated libslirp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 19 Aug 2021 16:39:43 +0300
Source: libslirp
Architecture: source
Version: 4.6.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 989993 989994 989995 989996
Changes:
 libslirp (4.6.1-1) unstable; urgency=medium
 .
   * import v4.6.1 upstream release
     Closes: #989993, CVE-2021-3592
     Closes: #989994, CVE-2021-3593
     Closes: #989995, CVE-2021-3594
     Closes: #989996, CVE-2021-3595
   * Updated d/libslirp0.symbols with new symbols (from 4.5 release)
   * Updated Standards-Version to 4.6.0 (no changes)
   * Bump debhelper-compat to 13
   * Remove version from meson build-dependency (buster+)
Checksums-Sha1:
 d6a8260c7998f275710911a4a0d44a2d4cc91b48 1681 libslirp_4.6.1-1.dsc
 c74a0f1d342863723ece7b25725f78357d583c43 103050 libslirp_4.6.1.orig.tar.bz2
 46d3513b327c03af4b31a6c3cbdc11f1b5b91185 4048 libslirp_4.6.1-1.debian.tar.xz
 b891ce58978fdd67ae008aa98e43fe925fb5292c 6942 libslirp_4.6.1-1_source.buildinfo
Checksums-Sha256:
 0236b8b7a20bae5b8031413c07a0697663e226b460a0bfefa931b4996fbca3c4 1681 
libslirp_4.6.1-1.dsc
 3ee27347764c629e10228f7002dd22104e9cc21623d565dc0e7e57ed1b63a70e 103050 
libslirp_4.6.1.orig.tar.bz2
 69304ec0587ba7c3a6f839b2e1d21917d89d944d790a06987d4c0ebef8a0ca8d 4048 
libslirp_4.6.1-1.debian.tar.xz
 8abac09fd4a18b0caa6b2e7e20db9b61d02fec555737c72b2a8346c6b29a2e4e 6942 
libslirp_4.6.1-1_source.buildinfo
Files:
 c2c3dff0a7a28846f575f650f3b5d3ce 1681 net optional libslirp_4.6.1-1.dsc
 9883ac501592c1aac1539dad78111139 103050 net optional 
libslirp_4.6.1.orig.tar.bz2
 be443bd490a46762c0b64f170a286092 4048 net optional 
libslirp_4.6.1-1.debian.tar.xz
 b0655cdc12cebf9c1072c338a9a4d706 6942 net optional 
libslirp_4.6.1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmEeX1YPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5Zh2wH/Rdti/7ORGrYBFtloICT9MkZII5oEycqfVb2
QN3mjkJvfZgKCfqE0RJDP6jJAVJ7eRzpjWbbbdoQlQDbcIoyvGcYEC6zjS2oFsXG
p0PfobRfevA4lXCEIbJHYs8Frx9MTFwvLg/5zfJf68X7uuV+XvWXrXtP6lHMVwdT
wJJ9LT7yV5/qyQt23OeOSoGMRjB1gDpuepujp7I9Cytakrlw5iagqMNdRMWWAa3J
a08J/B6TdqUSibFGPAWPwrZKeRRILT7yF2hiKyGm59XcBcFyaKG81WWYp2s3L4S2
NlAFnCJJChI/k4Rh19KzPDCp57SmCqLmlljvNCcQY7aPPKt4Tus=
=wIyQ
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to