Your message dated Wed, 16 May 2007 05:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#424070: fixed in qemu 0.9.0-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: qemu
Version: 0.8.2-5
Severity: grave
Tags: security
Justification: user security hole
There has been a DSA for qemu
http://www.debian.org/security/2007/dsa-1284
but the issues are still unfixed in unstable and testing.
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 0.9.0-2
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive:
qemu_0.9.0-2.diff.gz
to pool/main/q/qemu/qemu_0.9.0-2.diff.gz
qemu_0.9.0-2.dsc
to pool/main/q/qemu/qemu_0.9.0-2.dsc
qemu_0.9.0-2_i386.deb
to pool/main/q/qemu/qemu_0.9.0-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <[EMAIL PROTECTED]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 16 May 2007 08:08:31 +0300
Source: qemu
Binary: qemu
Architecture: source i386
Version: 0.9.0-2
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <[EMAIL PROTECTED]>
Changed-By: Guillem Jover <[EMAIL PROTECTED]>
Description:
qemu - fast processor emulator
Closes: 411780 411910 412212 414799 414809 419170 424070
Changes:
qemu (0.9.0-2) unstable; urgency=high
.
[ Guillem Jover ]
* Fix several security issues. (Closes: #424070)
Thanks to Tavis Ormandy <[EMAIL PROTECTED]>.
- Cirrus LGD-54XX "bitblt" heap overflow. CVE-2007-1320
- NE2000 "mtu" heap overflow.
- QEMU "net socket" heap overflow.
- QEMU NE2000 "receive" integer signedness error. CVE-2007-1321
- Infinite loop in the emulated SB16 device.
- Unprivileged "aam" instruction does not correctly handle the
undocumented divisor operand. CVE-2007-1322
- Unprivileged "icebp" instruction will halt emulation. CVE-2007-1322
- debian/patches/90_security.patch: New file.
* Enable adlib audio emulation. (Closes: #419170)
* Fix structure padding for target_eabi_flock64 when built for a 64 bit
architecture. (Closes: #414799)
Thanks to Stuart Anderson <[EMAIL PROTECTED]>.
- debian/patches/44_arm_eabi_built_on_64bit_arches.patch: New file.
* Fix qemu to be able to use LinuxBios. (Closes: #412212)
Thanks to Ed Swierk <[EMAIL PROTECTED]>.
- debian/patches/50_linuxbios_isa_bios_ram.patch: New file.
- 51_linuxbios_piix_ram_size.patch: Likewise.
* Fix segfault when booting a Linux kernel w/o a disk image, by not exiting
but clarifying the message, as to use '/dev/null'. (Closes: #411780)
Thanks to Robert Millan <[EMAIL PROTECTED]>.
- debian/patches/05_non-fatal_if_linux_hd_missing.patch: Updated.
* Fix segfault by using addrlen instead of target_addrlen in
do_getpeername()/do_getsockname(). (Closes: #411910)
Thanks to Stuart Anderson <[EMAIL PROTECTED]>.
- debian/patches/35_syscall_sockaddr.patch: Updated.
* Fix semctl() for 32 bit targets on 64 bit hosts. (Closes: #414809)
Thanks to Stuart Anderson <[EMAIL PROTECTED]>.
- debian/patches/38_syscall_semctl.patch: New file.
* Remove Elrond from Uploaders with consent, always welcome to join
back anytime.
Files:
b0efbea7fcd880e1719e0f256de99883 1105 misc optional qemu_0.9.0-2.dsc
bd9bb50493fc6f49fbb17fa438e43e21 63449 misc optional qemu_0.9.0-2.diff.gz
4e1ccf6726037f96b0e92a8064439249 4246062 misc optional qemu_0.9.0-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGSpViuW9ciZ2SjJsRAk1aAKCYQ5pwUwhV+Aah1qB0uzvJ01JmtgCghG03
gQRP830zze+9YYsgCgX1ylc=
=WDt/
-----END PGP SIGNATURE-----
--- End Message ---
