Your message dated Thu, 19 Mar 2026 20:48:40 +0000
with message-id <[email protected]>
and subject line Bug#1129604: fixed in qemu 1:10.2.2+ds-1
has caused the Debian Bug report #1129604,
regarding qemu: CVE-2026-3195: virtio-snd: heap buffer overflow in
virtio_snd_pcm_in_cb (incomplete fix for CVE-2024-7730)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1129604: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129604
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 1:10.2.1+ds-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1:10.0.7+ds-0+deb13u1
Control: found -1 1:10.0.2+ds-2+deb13u1
Hi,
The following vulnerability was published for qemu.
CVE-2026-3195[0]:
| virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete
| fix for CVE-2024-7730)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-3195
https://www.cve.org/CVERecord?id=CVE-2026-3195
[1]
https://lore.kernel.org/qemu-devel/[email protected]/
[2]
https://gitlab.com/qemu-project/qemu/-/commit/bcb53328aa70023f1405fade4e253e7f77567261
[3]
https://gitlab.com/qemu-project/qemu/-/commit/7994203bb1b83a6604f3ab00fe9598909bb66164
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:10.2.2+ds-1
Done: Michael Tokarev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 19 Mar 2026 23:33:29 +0300
Source: qemu
Architecture: source
Version: 1:10.2.2+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 1128478 1129604 1129605
Changes:
qemu (1:10.2.2+ds-1) unstable; urgency=medium
.
* new upstream stable/bugfix release
Closes: #1128478, CVE-2026-2243
Closes: #1129604, CVE-2026-3195
Closes: #1129605, CVE-2026-3196
Closes: CVE-2026-3842
* d/control: build utils on powerpc too
Checksums-Sha1:
fc74f031c47a95c69457237ccb740385fcef7c7d 10994 qemu_10.2.2+ds-1.dsc
be778eff6c116a36a29a490540bad5f81baa12db 38669728 qemu_10.2.2+ds.orig.tar.xz
acb3037befa79d02bdf0165a86aa138c9119cff7 127324 qemu_10.2.2+ds-1.debian.tar.xz
3cde88c1ad161c724723fe5e12a6b03e51e25e3e 8208 qemu_10.2.2+ds-1_source.buildinfo
Checksums-Sha256:
f1684b3aa5ec500c3389d346c6501dee45041ea91656c6556d4da9023b7987dd 10994
qemu_10.2.2+ds-1.dsc
be05230fe47a6937cd29f28f562932c8125f9c93c2a82c625198f7a4aa601dfb 38669728
qemu_10.2.2+ds.orig.tar.xz
ddf75aceab4f8f77374f3cb34fc97b41514895aeb293ce8b2ddd5e072bb0f5c0 127324
qemu_10.2.2+ds-1.debian.tar.xz
1fb292c9b8335232944c0ae9ed65444f3aa4720cb1317737dcb0bd270b321cbc 8208
qemu_10.2.2+ds-1_source.buildinfo
Files:
9779358a11dbeb946f0edd0d8eb53733 10994 otherosfs optional qemu_10.2.2+ds-1.dsc
824d4a6249599e9f05eacb4148b10469 38669728 otherosfs optional
qemu_10.2.2+ds.orig.tar.xz
5e42d3b941763a1be2d5d84a0211b166 127324 otherosfs optional
qemu_10.2.2+ds-1.debian.tar.xz
52778295bac49a6d13a4b4ae4df3679a 8208 otherosfs optional
qemu_10.2.2+ds-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJpvF25CRCCqkokOx6UeEcUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmfCSzMf3Dlp0DpOMvQTS86SY205zpjQ4HOe20+n4V4L
uxYhBGSqKrUx1WkDNmv++YKqSiQ7HpR4AAACvRAAsf+qEP2aBPYszivl6ouFm1dU
svVpHrDJwWE6kpZGxD0XbD+brIoSKfx9BEi9xqy0hyjMBzdgJvSAWOoT2YLy9CxJ
SOV371PhZAClmTruRWXTmE/UqAPtF+mohppEoUqMfzlSLRsA+Py+bsbJAn7BVMS8
AgMGpjDsI3zcOJyoZ0Ta5CbAm+xCMqwSUHX4Axn7sJYSnf9hzQFEZasW3/lW78qs
OWnTjPpSvw04fnBUz+r/psAkP6xacfaNA07RAG6RRaycN307DeF1gGBkVKAWBos8
E1bjrCm4CGYFhAIDvd713Bkc9WlipONyhfaUCPMcRCziaF7wFc0CHLbfpG87QNvA
D0al6/XKNp8NzE5QDub4sinqcp9FchDIV/RlcPebQbWLhDeXmbyxsUUPIWdfIffq
VHD0Jm9wXl1EDib9QcXhN/0ZGtEDyCkktaqUvfkeKP6906MyNQLZtYenyFYyG9ou
nqXwKR3Z700aMWhATxiEvVhkY6Rb4lFqC5xV9YAaWcCn+RNDT4DcB6y8gpJnyg4g
lSY5UnHgb23mxU8gy0JdHqvBLN6UWKBznGYefdogng5zxVqJheNpooZohTOLBmHv
m+5bMpSTbc0jUQ9B0zZzGZBc0OFNLG70Oimcszx4IrDolM9rbj0g8JLMGjkqfwi9
7Bxz5pIYeOGHjBQRHcI=
=e3s1
-----END PGP SIGNATURE-----
pgp3Ph_TeRe9O.pgp
Description: PGP signature
--- End Message ---
