Your message dated Fri, 18 Apr 2014 17:47:21 +0000
with message-id <[email protected]>
and subject line Bug#744221: fixed in qemu 1.1.2+dfsg-6a+deb7u1
has caused the Debian Bug report #744221,
regarding CVE-2014-0150: guest-triggerable buffer overrun in virtio-net
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
744221: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744221
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 0.6.1-1
Severity: grave
Tags: security patch upstream squeeze wheezy jessie sid
This is a guest-triggerable buffer overrun in virtio-net device in qemu.
The relevant code has been added to qemu in version 0.6, which means it
is in all versions of debian. The network device is one of the most
important network devices which qemu implements, so impact might be
very high.
Upstream commit fixing this issue:
http://thread.gmane.org/gmane.comp.emulators.qemu/266713
Thanks,
/mjt
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1.1.2+dfsg-6a+deb7u1
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 11 Apr 2014 20:27:16 +0400
Source: qemu
Binary: qemu qemu-keymaps qemu-system qemu-user qemu-user-static qemu-utils
Architecture: source all amd64
Version: 1.1.2+dfsg-6a+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description:
qemu - fast processor emulator
qemu-keymaps - QEMU keyboard maps
qemu-system - QEMU full system emulation binaries
qemu-user - QEMU user mode emulation binaries
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 744221
Changes:
qemu (1.1.2+dfsg-6a+deb7u1) wheezy-security; urgency=high
.
* fix guest-triggerable buffer overrun in virtio-net device
(Closes: #744221 CVE-2014-0150)
Checksums-Sha1:
5072844151353902ce278aabf84089e8849b6b17 2631 qemu_1.1.2+dfsg-6a+deb7u1.dsc
65930c43945aad83862eaf578b93b7c3d041dc3c 4480342 qemu_1.1.2+dfsg.orig.tar.bz2
c31e9c0d7d010dc07b92ce37bb635f467c932422 64795
qemu_1.1.2+dfsg-6a+deb7u1.debian.tar.gz
c121a3f7867aebacd5309f28a6e9e766390571a9 49970
qemu-keymaps_1.1.2+dfsg-6a+deb7u1_all.deb
c8db9340c9a2ee7d74068630453166f783a5f9dc 115898
qemu_1.1.2+dfsg-6a+deb7u1_amd64.deb
6f4fc6ea88b742237c56615669e4b8b821467ccf 27848518
qemu-system_1.1.2+dfsg-6a+deb7u1_amd64.deb
edafa98aeaf5be5862089b4bc97bbd5dd8b12298 7727096
qemu-user_1.1.2+dfsg-6a+deb7u1_amd64.deb
2e6e3b37aa0e2c53840ebe2f4847489dc4b3ddb8 16544098
qemu-user-static_1.1.2+dfsg-6a+deb7u1_amd64.deb
1e24bebf15129138904f573743976a24c83a0a20 658956
qemu-utils_1.1.2+dfsg-6a+deb7u1_amd64.deb
Checksums-Sha256:
68139a029f41e440ebfc44e08aefccbaa282a7576da4299275e38c8224cdab25 2631
qemu_1.1.2+dfsg-6a+deb7u1.dsc
8286cbf15452ba2166e1fde1cfce1a1ded46ad20d8463a720d13a834b5f69915 4480342
qemu_1.1.2+dfsg.orig.tar.bz2
ccbeae639880df9dac0040972bc702ce4e0b02cde4070d2f062a2a33a52c2c64 64795
qemu_1.1.2+dfsg-6a+deb7u1.debian.tar.gz
7aa84b644f2198e5a8e130f4e3d358c6b9c00a6794861f2e1cdc812a55ab33cf 49970
qemu-keymaps_1.1.2+dfsg-6a+deb7u1_all.deb
1e143390977538fdc3d4e2b034e5e54a2feae86721e95d50f72a2d9ad88566d3 115898
qemu_1.1.2+dfsg-6a+deb7u1_amd64.deb
b9312d605fab757eea3d35b137c98240f91a77630f7ed2d4a83b51a288361191 27848518
qemu-system_1.1.2+dfsg-6a+deb7u1_amd64.deb
2170a31abec57acb3cd4a64c3532a2c5f6b83d6c9c5f77456cc6aff73dc2fe8b 7727096
qemu-user_1.1.2+dfsg-6a+deb7u1_amd64.deb
7befc797c783650d4d7344107e985d60c185cfbaf8f4a95892c2c0d3926d395a 16544098
qemu-user-static_1.1.2+dfsg-6a+deb7u1_amd64.deb
a67f7383d87374801ea5be910dec754fb7f92d2d4980f3c7d15bfcf275b34636 658956
qemu-utils_1.1.2+dfsg-6a+deb7u1_amd64.deb
Files:
b8ede7f967eed8a4a4d261f713a32dd2 2631 misc optional
qemu_1.1.2+dfsg-6a+deb7u1.dsc
e385f154b12c27422860cdcbd37509b4 4480342 misc optional
qemu_1.1.2+dfsg.orig.tar.bz2
0a0d79db91b42bfca23852415087ff51 64795 misc optional
qemu_1.1.2+dfsg-6a+deb7u1.debian.tar.gz
8351031d9d096016eec4d36ea3b16f52 49970 misc optional
qemu-keymaps_1.1.2+dfsg-6a+deb7u1_all.deb
f541d6c6e5325716ff1128041145cbc9 115898 misc optional
qemu_1.1.2+dfsg-6a+deb7u1_amd64.deb
4ebbb484fcb0333d2c8fd67493fe53a8 27848518 misc optional
qemu-system_1.1.2+dfsg-6a+deb7u1_amd64.deb
ee6f4b9c17d81aa4bf65778cd495d6cc 7727096 misc optional
qemu-user_1.1.2+dfsg-6a+deb7u1_amd64.deb
4ca03e096596d1f7258c20662e249543 16544098 misc optional
qemu-user-static_1.1.2+dfsg-6a+deb7u1_amd64.deb
7a631e1df5b5975227b0aa14cfc41818 658956 misc optional
qemu-utils_1.1.2+dfsg-6a+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJTSNpCAAoJEL7lnXSkw9fbzIwIAJl6cryGf0K3+xl1qoHT978Z
VJneEFlkG5JqQW8BotAHR91li6l/Kc0aqZpWMOHqIGfCOQcO4ngQHcqNvNzg4WQW
s6ampZ9bkrNNLwUrFCvNLo9SqgvxrObeAM4OTSbvGt4zJcID01wU5xWr/nNQkE0r
ld4m3AFREjUd7h+Dw+U1/795qHD9g2s7OSm78+N2vFNIj6C6cNDQLF9fjUc+9RUJ
LStD6FwlOoBRC2ZYyHj3GjVRr1GHHHRiAJXrT4j6n+aeX2mHxRSa4EWBymgk+ytj
6Iu45GEfdZFtxoWO4BnI795/Sl1CSCq29m+YAyDFdNWLmQpj0ZjHIxQFvYFC9k8=
=Jkqg
-----END PGP SIGNATURE-----
--- End Message ---
