Bug#827024: marked as done (qemu: CVE-2016-5338: scsi: esp: OOB r/w access while processing ESP_FIFO)

Mon, 13 Jun 2016 03:34:58 -0700 

Your message dated Mon, 13 Jun 2016 10:28:55 +0000
with message-id <[email protected]>
and subject line Bug#827024: fixed in qemu 1:2.6+dfsg-2
has caused the Debian Bug report #827024,
regarding qemu: CVE-2016-5338: scsi: esp: OOB r/w access while processing 
ESP_FIFO
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
827024: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827024
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: qemu
Version: 2.1+dfsg-1
Severity: normal
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for qemu.

CVE-2016-5338[0]:
scsi: esp: OOB r/w access while processing ESP_FIFO

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5338
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1343323
[2] https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
[3] 
http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: qemu
Source-Version: 1:2.6+dfsg-2

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 13 Jun 2016 12:10:44 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc 
qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc 
qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils 
qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.6+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 807006 821061 821062 824856 825207 825210 825614 825615 825616 826151 
827024 827026
Changes:
 qemu (1:2.6+dfsg-2) unstable; urgency=medium
 .
   * add missing log entries for previous upload,
     remove closing of #807006 (it is not closed)
   * Added vga-add-sr_vbe-register-set.patch from upstream
     This fixes regression (in particular with win7 installer)
     introduced by the fix for CVE-2016-3712 (commit fd3c136)
   * fix-linking-relocatable-objects-on-sparc.patch (Closes: #807006)
   * Lots of security patches from upstream:
   - net-mipsnet-check-packet-length-against-buffer-CVE-2016-4002.patch
     (Closes: #821061, CVE-2016-4002)
   - i386-kvmvapic-initialise-imm32-variable-CVE-2016-4020.patch
     (Closes: #821062, CVE-2016-4020)
   - esp-check-command-buffer-length-before-write-CVE-2016-4439.patch,
     esp-check-dma-length-before-reading-scsi-command-CVE-2016-4441.patch
     (Closes: #824856, CVE-2016-4439, CVE-2016-4441)
   - scsi-mptsas-infinite-loop-while-fetching-requests-CVE-2016-4964.patch
     (Closes: #825207, CVE-2016-4964)
   - scsi-pvscsi-check-command-descriptor-ring-buffer-size-CVE-2016-4952.patch
     (Closes: #825210, CVE-2016-4952)
   - scsi-megasas-use-appropriate-property-buffer-size-CVE-2016-5106.patch
     (Closes: #825615, CVE-2016-5106)
   - scsi-megasas-initialise-local-configuration-data-buffer-CVE-2016-5105.patch
     (Closes: #825614, CVE-2016-5105)
   - scsi-megasas-check-read_queue_head-index-value-CVE-2016-5107.patch
     (Closes: #825616, CVE-2016-5107)
   - block-iscsi-avoid-potential-overflow-of-acb-task-cdb-CVE-2016-5126.patch
     (Closes: #826151, CVE-2016-5126)
   - scsi-esp-check-TI-buffer-index-before-read-write-CVE-2016-5338.patch
     (Closes: #827024, CVE-2016-5338)
   - scsi-megasas-null-terminate-bios-version-buffer-CVE-2016-5337.patch
     (Closes: #827026, CVE-2016-5337)
   * hw-dma-omap-spelling-fix-endianness.patch (lintian)
   * arm-spelling-fix-mismatch.patch (lintian)
Checksums-Sha1:
 c7bfaf226759a0abf2bdbf070490ba9bcfea2d11 5374 qemu_2.6+dfsg-2.dsc
 f72fccdfd39c7882c36af16bf024b5b416136ef1 78948 qemu_2.6+dfsg-2.debian.tar.xz
Checksums-Sha256:
 eed146b74c737bc623eab457f600051e40c3ef504238580b5e840040010ade2b 5374 
qemu_2.6+dfsg-2.dsc
 16cab07f355b55d02238989a1a16462231658a84bb717d7e30f1117170678e46 78948 
qemu_2.6+dfsg-2.debian.tar.xz
Files:
 42c1446bc58cfdce54cdd3aae2c5fa67 5374 otherosfs optional qemu_2.6+dfsg-2.dsc
 fe2fa2f56cc1696da0e13ae0f2e3b3b5 78948 otherosfs optional 
qemu_2.6+dfsg-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXXoR8AAoJEL7lnXSkw9fbWvIIAIIO8qmUG+eta8K9DiorATiy
R1RJhpxs/GehjbL1gjGD9p0l4QVIyTJDFWhCgREIrTmBvdRGjV3K0haqW1zt6wMM
hloLV0HMuPVzXJkahiFsE6Ig5NMv2BoUT6WffUHdC8qPSeWeVyBl+HxstufNw4JQ
ZCevUEUxxrBj9fAQWoBwND+TX4KzNjOtSRWqrj7OQXX5dFp3BS1DNgTRu8pCXrqI
cAwgfW4yMglEe87skmuiII65hC5DSlMd0B5rHNCavn7kDOLvofEPJJv2SlMazSb/
8gLTOeA5dfoYXqvWkHc1TtMDgEa1gpcBpowBj9JSfPQrnesIpsK7QpttEGgAU0o=
=pWzU
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to