Your message dated Fri, 18 Apr 2014 17:47:51 +0000
with message-id <[email protected]>
and subject line Bug#744221: fixed in qemu-kvm 1.1.2+dfsg-6+deb7u1
has caused the Debian Bug report #744221,
regarding CVE-2014-0150: guest-triggerable buffer overrun in virtio-net
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
744221: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744221
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 0.6.1-1
Severity: grave
Tags: security patch upstream squeeze wheezy jessie sid
This is a guest-triggerable buffer overrun in virtio-net device in qemu.
The relevant code has been added to qemu in version 0.6, which means it
is in all versions of debian. The network device is one of the most
important network devices which qemu implements, so impact might be
very high.
Upstream commit fixing this issue:
http://thread.gmane.org/gmane.comp.emulators.qemu/266713
Thanks,
/mjt
--- End Message ---
--- Begin Message ---
Source: qemu-kvm
Source-Version: 1.1.2+dfsg-6+deb7u1
We believe that the bug you reported is fixed in the latest version of
qemu-kvm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu-kvm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 11 Apr 2014 20:27:16 +0400
Source: qemu-kvm
Binary: qemu-kvm qemu-kvm-dbg kvm
Architecture: source amd64
Version: 1.1.2+dfsg-6+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Michael Tokarev <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description:
kvm - dummy transitional package from kvm to qemu-kvm
qemu-kvm - Full virtualization on x86 hardware
qemu-kvm-dbg - Debugging info for qemu-kvm
Closes: 744221
Changes:
qemu-kvm (1.1.2+dfsg-6+deb7u1) wheezy-security; urgency=high
.
* fix guest-triggerable buffer overrun in virtio-net device
(Closes: #744221 CVE-2014-0150)
Checksums-Sha1:
fcb7e56be13ea1bce9c1a249badb300326fc8b69 2151 qemu-kvm_1.1.2+dfsg-6+deb7u1.dsc
5363df6f46c1931dfeabb34ff3f54468f5e8d141 3737392
qemu-kvm_1.1.2+dfsg.orig.tar.xz
fc5b602e55f47cee2693c45611346545052e28b6 52199
qemu-kvm_1.1.2+dfsg-6+deb7u1.debian.tar.gz
562e004a20eeca536b3eee9d9f3336512e0ed4c9 1677416
qemu-kvm_1.1.2+dfsg-6+deb7u1_amd64.deb
2aeea4f3d10393a145fd7c22b0dbcec3c9e7f4d0 5267906
qemu-kvm-dbg_1.1.2+dfsg-6+deb7u1_amd64.deb
526b9db0dd65805ff7e27de4b9acaccd7fca6d51 23582
kvm_1.1.2+dfsg-6+deb7u1_amd64.deb
Checksums-Sha256:
ee5fe8cad3df58c3403fc7c0ed27993e28c9065b4956776a13d92880a3f94e1b 2151
qemu-kvm_1.1.2+dfsg-6+deb7u1.dsc
82065673c5c6e785c4c692c1899ec1420f0753fbe2cd278bdaa1c9c7a262a019 3737392
qemu-kvm_1.1.2+dfsg.orig.tar.xz
4bb383542b004a08611f8d0c9d6c9913d21a1f38a03d6225e64733cd3f6bc179 52199
qemu-kvm_1.1.2+dfsg-6+deb7u1.debian.tar.gz
7229f26150fd2a6480e699f6177f8d81c00021c5957b2446cc1e7d3ff6f24dce 1677416
qemu-kvm_1.1.2+dfsg-6+deb7u1_amd64.deb
3af022ccc1110ea06b7406d42fb9a207af5c43196822d895cbe7a4b4f7efd809 5267906
qemu-kvm-dbg_1.1.2+dfsg-6+deb7u1_amd64.deb
a35ba0d571420111ae62b2f0a81052a7e609816f296b0dd0e00d98f54f8fa62f 23582
kvm_1.1.2+dfsg-6+deb7u1_amd64.deb
Files:
4d4303d15cea31388401691eb75ac584 2151 misc optional
qemu-kvm_1.1.2+dfsg-6+deb7u1.dsc
2c2c78c14294c177b697ac0544c7634d 3737392 misc optional
qemu-kvm_1.1.2+dfsg.orig.tar.xz
c418cb93702184dd2358cd54a99175a0 52199 misc optional
qemu-kvm_1.1.2+dfsg-6+deb7u1.debian.tar.gz
7be9bd3ff098805e7f018fb06b567c1a 1677416 misc optional
qemu-kvm_1.1.2+dfsg-6+deb7u1_amd64.deb
ac05050cfc542afe7f7dd294f115888a 5267906 debug extra
qemu-kvm-dbg_1.1.2+dfsg-6+deb7u1_amd64.deb
edb393fb07b56b01627b09ba0aa8c91a 23582 oldlibs extra
kvm_1.1.2+dfsg-6+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJTSNpEAAoJEL7lnXSkw9fbjGUH/jgEW77iu//1NqzRCwpyiEkj
NDPLwz/xsE2FVqQkd+dj+pyaopwWvREAzJ/9AxMToxZQKXs26WBlAeB5UGydU8ur
O/PRwNcWbykKUCuUI/a0f5ZZUSL7LnDnT9aXe/88sBMh44YWDK42OXPU5Nz/y9GJ
1PvMvIgMS+MXDS3Ktpzgo6toFsig2kK8XyfY/tFfRre8469kzY2ho0Q2se/EOqy/
xNbVpMDK+WX0xAQc6Gwe7LdhfKcDbcZ34C/WOv+ehkyvMxvgTtv3zbVw80EJprSU
Adqiz8xKKHfOD9N/kiGedVCciQUZ59ZwcB8PRmso8JYYFEYXzUdpWJ+R9M6I/AY=
=H7pi
-----END PGP SIGNATURE-----
--- End Message ---
