Your message dated Fri, 13 Feb 2026 07:51:59 +0000
with message-id <[email protected]>
and subject line Bug#1123670: fixed in qemu 1:10.2.1+ds-1
has caused the Debian Bug report #1123670,
regarding qemu: CVE-2025-14876: Unbounded allocation in virtio-crypto
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1123670: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123670
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 1:10.1.3+ds-1
Severity: important
Tags: security upstream
Forwarded:
https://lore.kernel.org/qemu-devel/[email protected]/T/#u
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1:7.1+dfsg-1
Hi,
The following vulnerability was published for qemu.
CVE-2025-14876[0]:
| Unbounded allocation in virtio-crypto
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-14876
https://www.cve.org/CVERecord?id=CVE-2025-14876
[1]
https://lore.kernel.org/qemu-devel/[email protected]/T/#u
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:10.2.1+ds-1
Done: Michael Tokarev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 13 Feb 2026 10:30:07 +0300
Source: qemu
Architecture: source
Version: 1:10.2.1+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 1123670
Changes:
qemu (1:10.2.1+ds-1) unstable; urgency=medium
.
* new upstream stable/bugfix release
(Closes: #1123670, CVE-2025-14876)
* - fix-PIRQ-bounds-check-in-xen_physdev_map_pirq-CVE-2026-0665.patch
* remove ipxe from FIRMWAREPATH (needs ipxe from trixie and up)
Checksums-Sha1:
c2c6033a6b7843cb22bf1c45dfe00178fc90eb20 10978 qemu_10.2.1+ds-1.dsc
7019c8e118f118f0642eac872407bab250053073 38667288 qemu_10.2.1+ds.orig.tar.xz
7b4c666a4ec55c87387859c06e5366aadc09e00f 127252 qemu_10.2.1+ds-1.debian.tar.xz
ace520d737e1478c65447facb32017bd7eabfb6b 8184 qemu_10.2.1+ds-1_source.buildinfo
Checksums-Sha256:
6aae2d5fa5cd1fbce4f6b6d5c133788d3064f3c9682af566eddf62582f66396f 10978
qemu_10.2.1+ds-1.dsc
4f495c2a523f78f50cc83327cabf01e7e89c6b9a5d3d6cadd9e78de94b25c416 38667288
qemu_10.2.1+ds.orig.tar.xz
5079b747968be7a39abae1b6cb4b789cb6bc62998ede98abba23f27d9d2da2a0 127252
qemu_10.2.1+ds-1.debian.tar.xz
236c84df216bac2225a9f7795aa539c70dc78d281112b8483f90b18591eea67f 8184
qemu_10.2.1+ds-1_source.buildinfo
Files:
929400a5d6f0a71e4a6a5e83908a8898 10978 otherosfs optional qemu_10.2.1+ds-1.dsc
8cf83b01893baba5008b34cca7a45df9 38667288 otherosfs optional
qemu_10.2.1+ds.orig.tar.xz
524fe23d75ad3ffa8a974f0dc49629d5 127252 otherosfs optional
qemu_10.2.1+ds-1.debian.tar.xz
49f8c541dd73418c33df8372d16c13e5 8184 otherosfs optional
qemu_10.2.1+ds-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJpjtOyCRCCqkokOx6UeEcUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmea6rFSIvtxMhECy6d4riizXtsQqkEvkamAXfkMw9uz
ZBYhBGSqKrUx1WkDNmv++YKqSiQ7HpR4AABPQQ/+M1zy64UBDFAsciRPQpEzJEhw
88D0WH08OZGGa5/dnr67GByY0YjQ46pL07JnpyshL/GQLW6dXD2D6WLCw/KkiqwJ
Xi/TIT/PfZQAt/aZGiyhqkw9W6NhtB6lq10MnBW40iPD7nUnkfiS2bnoq6CZ6Vuw
UgQEzu3xosP2jrMNQcJlv5xU2zI6VpYuHX2z6Zf5w2Hc5FYEOz2YZlLbrKlUBDpk
ACetLi5RxyhzzqtprVtvHMtz8GYVfLCmQ+s3MRHSQjOSHqIHNlDZ0O/QsP97UmYW
DGuWZ3KEDfBKlf9dYfK49J0TGl2+axvU/NIKZU+CPAU2nF9IF/aqEf3K87UhzXeF
vl28WtQ7zz5YGePgCVESXDzayy0wQrciaILchkJMxZiwvHjwJp6dw6J/8dyvBPzG
OeyVAl8SLifaCiDc8bNuqimqF2gfXT3Dk+DyBEDSdFKv7Z/syzeUpkxggIdpOFrb
wD5p+dfO6TEEIbFr32ujoK/dkVVf8BlgzWh2RxBvhZAvBX2LT0izjPA6ywMtN2iw
ft44XKwvkWdcFV+fYdbujoYQd90vRvWS9rNvIUbyGdS9+m4LDQpWBnYJeSArqaJ9
IN+63UAjH8Wdp1sLsfKwwZbycxJAZzxoPod0IXmVDycJAIA3m/d5Wi8cRtrGm6t1
caerALOf12/JDlyOPpo=
=lS04
-----END PGP SIGNATURE-----
pgpNCnpODiykr.pgp
Description: PGP signature
--- End Message ---
