Your message dated Fri, 17 Jan 2020 11:53:23 +0000
with message-id <e1isqbn-00083p...@fasolo.debian.org>
and subject line Bug#949084: fixed in libslirp 4.1.0-2
has caused the Debian Bug report #949084,
regarding libslirp: CVE-2020-7039
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
949084: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949084
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libslirp
Version: 4.1.0-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerability was published for libslirp.

CVE-2020-7039[0]:
| OOB buffer access while emulating tcp protocols in tcp_emu()

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-7039
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7039
[1] https://www.openwall.com/lists/oss-security/2020/01/16/2
[2] https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
    https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
    https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libslirp
Source-Version: 4.1.0-2

We believe that the bug you reported is fixed in the latest version of
libslirp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated libslirp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 17 Jan 2020 14:24:00 +0300
Source: libslirp
Architecture: source
Version: 4.1.0-2
Distribution: unstable
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Closes: 949084
Changes:
 libslirp (4.1.0-2) unstable; urgency=high
 .
   * Closes: #949084, CVE-2020-7039:
     OOB buffer access while emulating tcp protocols in tcp_emu()
     This includes 3 patches:
      tcp_emu-fix-OOB-access-CVE-2020-7039.patch
      slirp-use-correct-size-while-emulating-commands-CVE-2020-7039.patch
      slirp-use-correct-size-while-emulating-IRC-commands-CVE-2020-7039.patch

--- End Message ---
