Bug#744221: marked as done (CVE-2014-0150: guest-triggerable buffer overrun in virtio-net)

Fri, 11 Apr 2014 10:27:46 -0700 

Your message dated Fri, 11 Apr 2014 17:24:27 +0000
with message-id <[email protected]>
and subject line Bug#744221: fixed in qemu 1.7.0+dfsg-7
has caused the Debian Bug report #744221,
regarding CVE-2014-0150: guest-triggerable buffer overrun in virtio-net
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
744221: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744221
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: qemu
Version: 0.6.1-1
Severity: grave
Tags: security patch upstream squeeze wheezy jessie sid

This is a guest-triggerable buffer overrun in virtio-net device in qemu.
The relevant code has been added to qemu in version 0.6, which means it
is in all versions of debian.  The network device is one of the most
important network devices which qemu implements, so impact might be
very high.

Upstream commit fixing this issue:
 http://thread.gmane.org/gmane.comp.emulators.qemu/266713

Thanks,

/mjt

--- End Message ---
--- Begin Message --- 
Source: qemu
Source-Version: 1.7.0+dfsg-7

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 11 Apr 2014 20:27:16 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-system-common qemu-system-misc 
qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc 
qemu-system-x86 qemu-user qemu-user-static qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64 all
Version: 1.7.0+dfsg-7
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description: 
 qemu       - fast processor emulator
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-keymaps - QEMU keyboard maps
 qemu-kvm   - QEMU Full virtualization on x86 hardware (transitional package)
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 744221
Changes: 
 qemu (1.7.0+dfsg-7) unstable; urgency=high
 .
   * fix guest-triggerable buffer overrun in virtio-net device
     (Closes: #744221 CVE-2014-0150)
Checksums-Sha1: 
 212d82132bc0addc57298474c6b82618493a79a3 3280 qemu_1.7.0+dfsg-7.dsc
 52f9f2aa289761457a2f09112fae4320d4f6a9fa 82988 qemu_1.7.0+dfsg-7.debian.tar.xz
 a4f497ec3d9fb410134544abf29191ff9005d361 205432 qemu_1.7.0+dfsg-7_amd64.deb
 4ca565311fce51975fbcadb9cd24a97b760a0fd9 56830 
qemu-keymaps_1.7.0+dfsg-7_all.deb
 e08a251de24b81025fbcb51ebbe36298363d5995 45210 
qemu-system_1.7.0+dfsg-7_amd64.deb
 bb8f88702b2184a77d3b645a0d8df941ab8be8bb 184368 
qemu-system-common_1.7.0+dfsg-7_amd64.deb
 12ba3b90438ad0c5655f770664bf34227d999e5e 4880766 
qemu-system-misc_1.7.0+dfsg-7_amd64.deb
 5cc0f94db7f11a6836193b27f6192e4e1c68a9d6 1658624 
qemu-system-arm_1.7.0+dfsg-7_amd64.deb
 791928d2b5c503c9e27ef8088832afbc5d69b0b1 2722956 
qemu-system-mips_1.7.0+dfsg-7_amd64.deb
 76628e3689686121ace0ea084e28c3ecfccf7b87 2547618 
qemu-system-ppc_1.7.0+dfsg-7_amd64.deb
 d70d24fd22f480a8b58f0dfd62ac079bb3c62981 1603410 
qemu-system-sparc_1.7.0+dfsg-7_amd64.deb
 df1652ab6c6db236ae99d8d0816cbac341f70d3d 1975052 
qemu-system-x86_1.7.0+dfsg-7_amd64.deb
 77d1133163828423cf44650877ae793954f88216 4868736 
qemu-user_1.7.0+dfsg-7_amd64.deb
 1d96119e72c369eb91e59458e550b45faff2da00 7329142 
qemu-user-static_1.7.0+dfsg-7_amd64.deb
 7fd17c46c2af552083ddbdb5fb584d92e1fc8236 435700 
qemu-utils_1.7.0+dfsg-7_amd64.deb
 a92d4fe9c0b9cbac7cfd36f2a6d9948567a600c0 129292 
qemu-guest-agent_1.7.0+dfsg-7_amd64.deb
 9b149d041f9af7fe4e7dfb772f44cb9cfd55f68b 46196 qemu-kvm_1.7.0+dfsg-7_amd64.deb
Checksums-Sha256: 
 0712dfbeadd40d034f38a3f33747c859206ef8645bfdc0c436db31d0ec104dbb 3280 
qemu_1.7.0+dfsg-7.dsc
 49723784b9555ff7925deeab6269d46a1d26a4aba2d920c95bbb743bfba2a63a 82988 
qemu_1.7.0+dfsg-7.debian.tar.xz
 9af18c2eae41a947133504c451628ddf9b1000fed6b893fe58c92f63c9a944ae 205432 
qemu_1.7.0+dfsg-7_amd64.deb
 edf7ad7952bde47daee0eab13a7792d23ebfa270670440b7b6bbd726f397984f 56830 
qemu-keymaps_1.7.0+dfsg-7_all.deb
 0f2955817f9676bd22e7bd426f13ea274077d382265498bd40a73b9fee5c4371 45210 
qemu-system_1.7.0+dfsg-7_amd64.deb
 f4e915fbbbd716f0e9039bc80019676ef0e64e4e99a60ffbaf1ae90a1b6d5abb 184368 
qemu-system-common_1.7.0+dfsg-7_amd64.deb
 540de9a2b04ce4e9c5302f4846070c7f23de855496c30d499126e6e3e069543f 4880766 
qemu-system-misc_1.7.0+dfsg-7_amd64.deb
 7c03d7b0c4cb0dec453db3c2718fa89b3f7f227bf88214c2a8ad2cad51daa19c 1658624 
qemu-system-arm_1.7.0+dfsg-7_amd64.deb
 8480afd636f3a67eb58976f024973f0c604feb0c629b95287459808f44afb5ee 2722956 
qemu-system-mips_1.7.0+dfsg-7_amd64.deb
 8e48a8040964d827c74a894a6dcf12a123c8e4f4e4bc14e16da2fc7386535ff3 2547618 
qemu-system-ppc_1.7.0+dfsg-7_amd64.deb
 76c204ce7ba9756f3ab983ce0b955515703bc87e1af29779c20ddbe3dec2fd73 1603410 
qemu-system-sparc_1.7.0+dfsg-7_amd64.deb
 ef995afb01ce1014f401ead64748606dabe4a3f92fcf41fba3824f84fa93907f 1975052 
qemu-system-x86_1.7.0+dfsg-7_amd64.deb
 d2790461cfa31b3b391d395bab412e029cc2e51ab56e58faaf302866e352726e 4868736 
qemu-user_1.7.0+dfsg-7_amd64.deb
 4ac2f16c5388efbf09e5f87f66ef6c60676ae0ef136e125c6c12cb9be43f4045 7329142 
qemu-user-static_1.7.0+dfsg-7_amd64.deb
 92e68a12f56b4d3a643db26d537470c4f225b81d6af5af0f353b012181fb140b 435700 
qemu-utils_1.7.0+dfsg-7_amd64.deb
 5d824cccd7dbc9e17800ed97c76f8f39c04eb6f36a4e7862a2b11014a5b97220 129292 
qemu-guest-agent_1.7.0+dfsg-7_amd64.deb
 08d0f8d342f2e2906bdcfc8f84ad7b5a2ee40e1bebe6bd2d4c02d0599e1ade52 46196 
qemu-kvm_1.7.0+dfsg-7_amd64.deb
Files: 
 e773d1004516b1d45c1a6f6fcbdaa834 3280 otherosfs optional qemu_1.7.0+dfsg-7.dsc
 6b1338fd2366856d949e2698707f4a0c 82988 otherosfs optional 
qemu_1.7.0+dfsg-7.debian.tar.xz
 81f4b964a5b54caa5572f72d5fbb34a6 205432 otherosfs optional 
qemu_1.7.0+dfsg-7_amd64.deb
 08e1f5f48201ff721933efb7339fae0c 56830 otherosfs optional 
qemu-keymaps_1.7.0+dfsg-7_all.deb
 fb580abe4684e554661505459fce3821 45210 otherosfs optional 
qemu-system_1.7.0+dfsg-7_amd64.deb
 e9c6a8ccbfba9612883431803d381b46 184368 otherosfs optional 
qemu-system-common_1.7.0+dfsg-7_amd64.deb
 eafe6172c59d8abe75baa256f4f3a002 4880766 otherosfs optional 
qemu-system-misc_1.7.0+dfsg-7_amd64.deb
 f8f5129b065a1465a22d793097724aa4 1658624 otherosfs optional 
qemu-system-arm_1.7.0+dfsg-7_amd64.deb
 904217c4657e82013e717517ea31a735 2722956 otherosfs optional 
qemu-system-mips_1.7.0+dfsg-7_amd64.deb
 519d367e7a08505d27408870163edc61 2547618 otherosfs optional 
qemu-system-ppc_1.7.0+dfsg-7_amd64.deb
 44b53576ec3b8ac028e4bd37e577f9f0 1603410 otherosfs optional 
qemu-system-sparc_1.7.0+dfsg-7_amd64.deb
 8a38a04ed9852161650e7d9d63e4bbc9 1975052 otherosfs optional 
qemu-system-x86_1.7.0+dfsg-7_amd64.deb
 c276178e4df6dd143bff88d6bd7984db 4868736 otherosfs optional 
qemu-user_1.7.0+dfsg-7_amd64.deb
 c8f9ccea46bec60d90cb417cce098a93 7329142 otherosfs optional 
qemu-user-static_1.7.0+dfsg-7_amd64.deb
 33ee9b5a0a0646cae15acddfb1d76e3e 435700 otherosfs optional 
qemu-utils_1.7.0+dfsg-7_amd64.deb
 e9ad2232855c43f2bbdd2df100848a3d 129292 otherosfs optional 
qemu-guest-agent_1.7.0+dfsg-7_amd64.deb
 6552c8e3b7c5272684fb4647a3e4cde0 46196 otherosfs optional 
qemu-kvm_1.7.0+dfsg-7_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJTSB6DAAoJEL7lnXSkw9fbq/kH/3WQgpVFrDMGfNKgW4sbrbj2
YkrfYNSLGGQK9O3W1B6kaE2Hz141atxt7S/rq7OoTwCu9k9D/BOE6IByCXIwcgzk
5as2YPVFjhSgsRYie7tZgaPU+1Y9fRHqvrBJiTV+6O+bPNg7s/Hrm+3gl32CN+pU
pTiPLbWSt6e2eQ/cZZLPlZZn+wx7KadFluKDFjg7lWDV7gOymjNlSUYzWbxpLvQ5
1A3v7RTyyj145Ms91SEhkbknNn5yxo1p37KzVWJsEqjfQ3uyY2osu3yHcXURMY6h
tLgSHjjlD0S+KzuK0QWSrjWk8UsK9ersCeVX9XNJ687zD4FuSetq0WfYmBjztU8=
=+E4s
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to