Your message dated Fri, 01 Aug 2014 16:37:43 +0000
with message-id <[email protected]>
and subject line Bug#739589: fixed in qemu 2.1+dfsg-1
has caused the Debian Bug report #739589,
regarding multiple security flaws in migration stream processing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
739589: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: qemu
Severity: grave
Tags: security
Hi,
multiple security issues were reported in qemu/KVM:
CVE-2013-4148
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00395.html
CVE-2013-4149
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00396.html
CVE-2013-4150
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00397.html
CVE-2013-4151
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00425.html
CVE-2013-4526
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00398.html
CVE-2013-4527
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00399.html
CVE-2013-4529
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00400.html
CVE-2013-4530
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00401.html
CVE-2013-4531
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00402.html
CVE-2013-4532
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00403.html
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00414.html
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00404.html
CVE-2013-4533
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00407.html
CVE-2013-4534
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00406.html
CVE-2013-4535
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00408.html
CVE-2013-4536
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00408.html
CVE-2013-4537
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00409.html
CVE-2013-4538
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00410.html
CVE-2013-4539
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00411.html
CVE-2013-4540
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00412.html
CVE-2013-4541
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00413.html
CVE-2013-4542
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00416.html
CVE-2013-6399
http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00405.html
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 2.1+dfsg-1
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 01 Aug 2014 20:06:22 +0400
Source: qemu
Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm
qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user
qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm
Architecture: source
Version: 2.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description:
qemu - fast processor emulator
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscelaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 735618 739589 755988
Changes:
qemu (2.1+dfsg-1) unstable; urgency=medium
.
* new upstream release
Closes: #739589 CVE-2014-3461
Closes: #735618
* versioned build-depend on libiscsi-dev (>>1.9.0~)
* added ppc64le user target
* fix description of qemu-user-binfmt wrt "empty" (Closes: #755988)
* use /usr/share/dpkg/pkg-info.mk instead of inventing the same locally
* added debian/get-orig-source.sh (and a d/rules target)
* set ubuntu vcs branch to ubuntu-utopic
* binfmt-update-in: make sure to filter out compat arches
Checksums-Sha1:
c999e6ecc6c712b0c2216aeed8e714682cea05a9 5106 qemu_2.1+dfsg-1.dsc
d0c0314af2b710cf3dbd91522963cc0eefa51390 5163316 qemu_2.1+dfsg.orig.tar.xz
18c9a2e9ab99209ff325112c59aa6f9187cc7e9b 56052 qemu_2.1+dfsg-1.debian.tar.xz
Checksums-Sha256:
83709db7c6963a8b6e864a87639fcc22be5c8d0c782a4b39517bdb1929df59ca 5106
qemu_2.1+dfsg-1.dsc
34b610c2538c7617638b8f1bdedf8a96ca2ff8cd8ad97b920a70c4d8d481d97f 5163316
qemu_2.1+dfsg.orig.tar.xz
902ec244c89f64d1c25e1b2cace78743d0322a586e2a721af85d03fe806024e4 56052
qemu_2.1+dfsg-1.debian.tar.xz
Files:
462abc5ceef7b9420437456ab34f9f2b 5106 otherosfs optional qemu_2.1+dfsg-1.dsc
eae7dcf964948cb0f4ed58d0488ae0de 5163316 otherosfs optional
qemu_2.1+dfsg.orig.tar.xz
51ba066f70e6f203557fec029dff3570 56052 otherosfs optional
qemu_2.1+dfsg-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJT279oAAoJEL7lnXSkw9fbS5oIAMVB+I7ROwYcxFPUWxmTJtqs
32Tn1B9W9HzDv9lHdqFB+JnVZemawDq5BDGSGD+u7qJo9KaGs6ep7msQH7gL3BDJ
RzVrmxpeNWGttlkz4mkm/rFjNqd6jN8m46dI8d+OLzeMNLfq7HpvT+kvh4v2DwjV
Dpmf8FoaDvRKPvnhsfeIf8r3QqCfpWPNn/EBOz/BcaiMIJX0bY/OMhZnCxnONyUi
PG71uTyeTQxFMte/Jq8sw/X34HjXi/qlNYliR29JUvT6GUR9Wxh4l9DbNJ/xFotA
vf7fIMt3qD8zGUxHu5fajD5rZtbFYfJvTUcgiVoOsq9oCJshvN4HGU6N2wa/j2g=
=ENLr
-----END PGP SIGNATURE-----
--- End Message ---
