Your message dated Sun, 18 Sep 2022 19:54:51 +0300
with message-id <[email protected]>
and subject line Re: qemu: CVE-2021-3507
has caused the Debian Bug report #987410,
regarding qemu: CVE-2021-3507: fdc: heap buffer overflow in DMA read data
transfers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
987410: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987410
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 1:5.2+dfsg-10
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1:5.2+dfsg-9
Hi,
The following vulnerability was published for qemu, filling for
tracking the issue. The report originates from [1], afaict there is no
upstream fix yet.
CVE-2021-3507[0]:
| fdc: heap buffer overflow in DMA read data transfers
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3507
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1951118
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 1:7.1+dfsg-1
On Fri, 23 Apr 2021 14:56:45 +0200 Salvatore Bonaccorso <[email protected]>
wrote:
Source: qemu
Version: 1:5.2+dfsg-10
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1:5.2+dfsg-9
Hi,
The following vulnerability was published for qemu, filling for
tracking the issue. The report originates from [1], afaict there is no
upstream fix yet.
CVE-2021-3507[0]:
| fdc: heap buffer overflow in DMA read data transfers
This is fixed by upstream 7.1.0 release by commit
defac5e2fbddf8423a354ff0454283a2115e1367.
I forgot to mention this in the 7.0+dfsg-1 upload.
/mjt
--- End Message ---
