Your message dated Sat, 08 Feb 2020 16:32:14 +0000
with message-id <e1j0t1i-000ivm...@fasolo.debian.org>
and subject line Bug#949731: fixed in qemu 1:3.1+dfsg-8+deb10u4
has caused the Debian Bug report #949731,
regarding qemu: CVE-2020-1711: block: iscsi: OOB heap access via an unexpected
response of iSCSI Server
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
949731: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949731
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Version: 1:4.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html
Hi,

The following vulnerability was published for qemu.

CVE-2020-1711[0]:
| block: iscsi: OOB heap access via an unexpected response of iSCSI
| Server

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-1711
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1711
[1] https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html
[2] https://www.openwall.com/lists/oss-security/2020/01/23/3
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1794290

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:3.1+dfsg-8+deb10u4
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 30 Jan 2020 23:28:55 +0300
Source: qemu
Architecture: source
Version: 1:3.1+dfsg-8+deb10u4
Distribution: buster-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Closes: 939869 946210 949731
Changes:
 qemu (1:3.1+dfsg-8+deb10u4) buster-security; urgency=medium
 .
   * acknowledge the last NMU by the Security Team
   * io-ensure-UNIX-client-doesn-t-unlink-server-socket.patch
     Closes: #946210
   * slirp possible use-after-free in ip_reass(),
     slirp-ip_reass-fix-use-after-free-CVE-CVE-2019-15890.patch
     Closes: #939869, CVE-2019-15890
   * slirp emulation fixes, Closes: CVE-2020-7039
     tcp_emu-fix-OOB-access-CVE-2020-7039.patch
     slirp-use-correct-size-while-emulating-commands-CVE-2020-7039.patch
     slirp-use-correct-size-while-emulating-IRC-commands-CVE-2020-7039.patch
   * fix iscsi OOB heap access via an unexpected response of iSCSI Server,
     scsi-cap-block-count-from-GET-LBA-STATUS-CVE-2020-1711.patch
     Closes: #949731, CVE-2020-1711
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---