Bug#908682: marked as done (qemu: (CVE-2018-3639 SSB) qemu should be able to pass the ssbd cpu flag)
Your message dated Wed, 12 Dec 2018 09:16:37 + with message-id and subject line Bug#908682: fixed in qemu 1:3.1+dfsg-1 has caused the Debian Bug report #908682, regarding qemu: (CVE-2018-3639 SSB) qemu should be able to pass the ssbd cpu flag to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
908682: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908682
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: qemu
Version: 1:2.8+dfsg-6+deb9u4
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

To mitigate (CVE-2018-3639 SSB) qemu should pass the ssbd cpu flag and patches were made public in May "https://lists.gnu.org/archive/html/qemu-devel/2018-05/msg04795.html"

Is there a reason why the qemu stretch package still doesn't have this patch ?

Best regards,
Azad
--- End Message ---

--- Begin Message ---
Source: qemu
Source-Version: 1:3.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 908...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev (supplier of updated qemu package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 02 Dec 2018 19:10:27 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-data qemu-system-common qemu-system-gui qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:3.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team
Changed-By: Michael Tokarev
Description:
 qemu - fast processor emulator, dummy package
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-data - QEMU full system emulation (data files)
 qemu-system-gui - QEMU full system emulation binaries (user interface and audio sup
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 795486 813658 901017 902501 902725 907500 908682 910431 911468 911469 911470 911499 912535 914599 914604 914727 915884
Changes:
 qemu (1:3.1+dfsg-1) unstable; urgency=medium
 .
   * new upstream release (3.1)
   * Security bugs fixed by upstream:
     Closes: #910431, CVE-2018-10839: integer overflow leads to buffer overflow issue
     Closes: #911468, CVE-2018-17962 pcnet: integer overflow leads to buffer overflow
     Closes: #911469, CVE-2018-17963 net: ignore packets with large size
     Closes: #908682, CVE-2018-3639 qemu should be able to pass the ssbd cpu flag
     Closes: #901017, CVE-2018-11806 m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams
     Closes: #902725, CVE-2018-12617 qmp_guest_file_read in qemu-ga has an integer overflow
     Closes: #907500, CVE-2018-15746 qemu-seccomp might allow local OS guest users to cause a denial of service
     Closes: #915884, CVE-2018-16867 dev-mtp: path traversal in usb_mtp_write_data of the MTP
     Closes: #911499, CVE-2018-17958 Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used
     Closes: #911470, CVE-2018-18438 integer overflows because IOReadHandler and its
Bug#908682: marked as done (qemu: (CVE-2018-3639 SSB) qemu should be able to pass the ssbd cpu flag)
Your message dated Fri, 23 Nov 2018 21:32:54 + with message-id and subject line Bug#908682: fixed in qemu 1:2.8+dfsg-6+deb9u5 has caused the Debian Bug report #908682, regarding qemu: (CVE-2018-3639 SSB) qemu should be able to pass the ssbd cpu flag to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
908682: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908682
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Source: qemu
Version: 1:2.8+dfsg-6+deb9u4
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

To mitigate (CVE-2018-3639 SSB) qemu should pass the ssbd cpu flag and patches were made public in May "https://lists.gnu.org/archive/html/qemu-devel/2018-05/msg04795.html"

Is there a reason why the qemu stretch package still doesn't have this patch ?

Best regards,
Azad
--- End Message ---

--- Begin Message ---
Source: qemu
Source-Version: 1:2.8+dfsg-6+deb9u5

We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 908...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff (supplier of updated qemu package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 08 Nov 2018 16:41:45 +0100
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.8+dfsg-6+deb9u5
Distribution: stretch-security
Urgency: medium
Maintainer: Debian QEMU Team
Changed-By: Moritz Mühlenhoff
Description:
 qemu - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 908682 910431 911468 911469
Changes:
 qemu (1:2.8+dfsg-6+deb9u5) stretch-security; urgency=medium
 .
   * Backport SSBD support (Closes: #908682)
   * CVE-2018-10839 (Closes: #910431)
   * CVE-2018-17962 (Closes: #911468)
   * CVE-2018-17963 (Closes: #911469)