Your message dated Thu, 01 Jan 2026 22:02:33 +0000
with message-id <[email protected]>
and subject line Bug#1117153: fixed in qemu 1:7.2+dfsg-7+deb12u18
has caused the Debian Bug report #1117153,
regarding qemu: CVE-2025-11234 (VNC Websocket: use-after-free when websocket is
closed early)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1117153: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117153
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 1:10.1.0+ds-5
Severity: important
Tags: security upstream
Forwarded:
https://lists.nongnu.org/archive/html/qemu-devel/2025-09/msg06566.html
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for qemu.
CVE-2025-11234[0]:
| A flaw was found in QEMU. If the QIOChannelWebsock object is freed
| while it is waiting to complete a handshake, a GSource is leaked.
| This can lead to the callback firing later on and triggering a use-
| after-free in the use of the channel. This can be abused by a
| malicious client with network access to the VNC WebSocket port to
| cause a denial of service during the WebSocket handshake prior to
| the VNC client authentication.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-11234
https://www.cve.org/CVERecord?id=CVE-2025-11234
[1] https://lists.nongnu.org/archive/html/qemu-devel/2025-09/msg06566.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:7.2+dfsg-7+deb12u18
Done: Michael Tokarev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 16 Dec 2025 09:10:19 +0300
Source: qemu
Architecture: source
Version: 1:7.2+dfsg-7+deb12u18
Distribution: bookworm
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 1117153
Changes:
qemu (1:7.2+dfsg-7+deb12u18) bookworm; urgency=medium
.
* v7.2.22:
- Update version for 7.2.22 release
- hw/misc/npcm_clk: Don't divide by zero when calculating frequency
- hw/display/xlnx_dp: Don't abort for unsupported graphics formats
- hw/display/xlnx_dp.c: Don't abort on AUX FIFO overrun/underrun
- net: pad packets to minimum length in qemu_receive_packet()
- hw/net/e1000e_core: Adjust
e1000e_write_payload_frag_to_rx_buffers() assert
- hw/net/e1000e_core: Correct rx oversize packet checks
- hw/net/e1000e_core: Don't advance desc_offset
for NULL buffer RX descriptors
- qio: Protect NetListener callback with mutex
- qio: Remember context of qio_net_listener_set_client_func_full
- qio: Unwatch before notify in QIONetListener
- qio: Add trace points to net_listener
- block/curl.c: Fix CURLOPT_VERBOSE parameter type
- block/curl.c: Use explicit long constants in curl_easy_setopt calls
- crypto: stop requiring "key encipherment" usage in x509 certs
- io: fix use after free in websocket handshake code
Closes: #1117153, CVE-2025-11234 (UAF in websocket handshake code)
- io: move websock resource release to close method
- io: release active GSource in TLS channel finalizer
- io: add trace event when cancelling TLS handshake
- linux-user: permit sendto() with NULL buf and 0 len
- linux-user: Use correct type for FIBMAP and FIGETBSZ emulation
- target/i386: user: do not set up a valid LDT on reset
- async: access bottom half flags with qatomic_read
- i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit
- i386/cpu: Prevent delivering SIPI during SMM in TCG mode
- target/i386: Fix CR2 handling for non-canonical addresses
* v7.2.21:
- Update version for 7.2.21 release
- ui/icons/qemu.svg: Add metadata information (author, license) to the logo
- hw/usb/hcd-uhci: don't assert for SETUP to non-0 endpoint
- tests/tcg/multiarch: Add tb-link test
- accel/tcg: Properly unlink a TB linked to itself
- multiboot: Fix the split lock
- python/qemu/machine: use socketpair() for QMP by default
- python/qmp/legacy: make QEMUMonitorProtocol accept a socket
- python/qmp/protocol: add open_with_socket()
- python/machine: Fix AF_UNIX path too long on macOS
- use fedora:37 for python container instead of :latest
- hw/usb/network: Remove hardcoded 0x40 prefix in STRING_ETHADDR response
- tests: Ensure TAP version is printed before other messages
- tests/qtest: Do not run lsi53c895a test if device is not present
- Revert "tests/qtest: use qos_printf instead of g_test_message"
- vhost-user-test: no set non-blocking for cal fd less than 0.
- tests: vhost-user-test: release mutex on protocol violation
- .gitmodules: move u-boot mirrors to qemu-project-mirrors
- hw/usb/hcd-ohci: Fix #1510, #303: pid not IN or OUT
Checksums-Sha1:
28c0f8bc033d37761bc6e764f3257c685ada0bb7 6909 qemu_7.2+dfsg-7+deb12u18.dsc
118f2f821635e9c65225f1224c899af0e23c88fd 405636
qemu_7.2+dfsg-7+deb12u18.debian.tar.xz
d89b12c3e6bebc61f8e2d50ab11010ead7205862 17167
qemu_7.2+dfsg-7+deb12u18_source.buildinfo
Checksums-Sha256:
6b6bd27b947ec89e40a1d6b26d9c9f3c698ca691da13163e0483f6061bbb20b3 6909
qemu_7.2+dfsg-7+deb12u18.dsc
28a1c86310ee53b6bf1854cffe6f6be6ed29a08db7d05759f8ac57b8d6a6cb2f 405636
qemu_7.2+dfsg-7+deb12u18.debian.tar.xz
2c194afe7f1ed9ab94cd5d2a4f931a3af9e63fac93c1dc211f159f5f0fce5e8d 17167
qemu_7.2+dfsg-7+deb12u18_source.buildinfo
Files:
6543caea50faf600eb89fba2dc138327 6909 otherosfs optional
qemu_7.2+dfsg-7+deb12u18.dsc
b89e0b748d63be48ebe516a2437ca6eb 405636 otherosfs optional
qemu_7.2+dfsg-7+deb12u18.debian.tar.xz
c0af7679e6b4a05607ae41030fa0b965 17167 otherosfs optional
qemu_7.2+dfsg-7+deb12u18_source.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJpVqq2CRCCqkokOx6UeEcUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmeN7R+ngQ+s7B9KHuHI9qrGuXCV/P0WHhzfbzuRGLk1
HRYhBGSqKrUx1WkDNmv++YKqSiQ7HpR4AAAcJw//ZPMzayILC2npqNS4LNnct9Rf
tD4aWT2FEbG7ON+X6f5zo9ZxABgV2OX/RwgRe32U94hQ/pxVfepfZgkcB83SZfHT
o0NqqwUoXGBMtkxxgBpmXrD9Uj43EolKtpDM9kZNFHswM25Hf48irWot/UMALZEi
/DzIlGP4muxDxa434F1h4C69Wj/SwG+Lhk8rtmOnLPq4oPdeW5w9bmisTLMNHnBP
QOyzaXcnODPv0haBHAWG3Nzp4yN+vPMPsq9bD7lScFe6zTQE6RDV9QfB/zKUL9yD
rkl7ALz4EUzOcka0PnNqyS5yi7gN+CAPzhQagrA+Ii2UC2cxBgOh5ImRmX6Nc5uk
yU3yVwARlqEvuTgnBFYDBcI6HTbShWLLBVVQaYxzbGZFXDnj7q6gmffNDnwW2bDy
LD7tVQxQ8bbLSPzVBmqqbJoPhQfKMD+tmklmneBOwh7SjtoLbkDJEOJwUtdaiECs
0ZxK1LKm51tGn17VZNDC5FhtH2w4FYfHz5uvny0RFhJnUdLexmOs9+dRuT8mZwyU
UAnxxQgjcvNoFeFUI25kf7Th6Oq43Sfte02yvjfZwb/sxvOQ1YpGaY9QcAICPANA
6cn3MjZnrq/JqlyXWb3WJV7Q/JB85yT3PL+Wvl1RrpEYzNgcsFa3+GC6fbhe4ySg
+g8XgMEPyqzg92nHAmY=
=wjJh
-----END PGP SIGNATURE-----
pgpOhYW5hFHC9.pgp
Description: PGP signature
--- End Message ---
