Your message dated Sat, 08 Feb 2020 16:32:14 +0000
with message-id <e1j0t1i-000ivm...@fasolo.debian.org>
and subject line Bug#949731: fixed in qemu 1:3.1+dfsg-8+deb10u4
has caused the Debian Bug report #949731,
regarding qemu: CVE-2020-1711: block: iscsi: OOB heap access via an unexpected 
response of iSCSI Server
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
949731: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949731
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Version: 1:4.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html

Hi,

The following vulnerability was published for qemu.

CVE-2020-1711[0]:
| block: iscsi: OOB heap access via an unexpected response of iSCSI
| Server

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-1711
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1711
[1] https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html
[2] https://www.openwall.com/lists/oss-security/2020/01/23/3
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1794290

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:3.1+dfsg-8+deb10u4

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 30 Jan 2020 23:28:55 +0300
Source: qemu
Architecture: source
Version: 1:3.1+dfsg-8+deb10u4
Distribution: buster-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Closes: 939869 946210 949731
Changes:
 qemu (1:3.1+dfsg-8+deb10u4) buster-security; urgency=medium
 .
   * acknowledge the last NMU by the Security Team
   * io-ensure-UNIX-client-doesn-t-unlink-server-socket.patch
     Closes: #946210
   * slirp possible use-after-free in ip_reass(),
     slirp-ip_reass-fix-use-after-free-CVE-CVE-2019-15890.patch
     Closes: #939869, CVE-2019-15890
   * slirp emulation fixes, Closes: CVE-2020-7039
     tcp_emu-fix-OOB-access-CVE-2020-7039.patch
     slirp-use-correct-size-while-emulating-commands-CVE-2020-7039.patch
     slirp-use-correct-size-while-emulating-IRC-commands-CVE-2020-7039.patch
   * fix iscsi OOB heap access via an unexpected response of iSCSI Server,
     scsi-cap-block-count-from-GET-LBA-STATUS-CVE-2020-1711.patch
     Closes: #949731, CVE-2020-1711

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
