Your message dated Thu, 23 Jul 2020 20:38:07 +0000
with message-id <[email protected]>
and subject line Bug#961888: fixed in qemu 1:3.1+dfsg-8+deb10u6
has caused the Debian Bug report #961888,
regarding qemu: CVE-2020-13361
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
961888: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961888
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 1:5.0-5
Severity: important
Tags: security upstream
Forwarded: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
Hi,
The following vulnerability was published for qemu.
CVE-2020-13361[0]:
| In QEMU 4.2.0, es1370_transfer_audio in hw/audio/es1370.c does not
| properly validate the frame count, which allows guest OS users to
| trigger an out-of-bounds access during an es1370_write() operation.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-13361
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13361
[1] https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:3.1+dfsg-8+deb10u6
Done: Michael Tokarev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 04 Jul 2020 13:17:32 +0300
Source: qemu
Architecture: source
Version: 1:3.1+dfsg-8+deb10u6
Distribution: buster-security
Urgency: high
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 961887 961888
Changes:
 qemu (1:3.1+dfsg-8+deb10u6) buster-security; urgency=high
 .
   * revert-memory-accept-mismatching-sizes-in-memory_region_access_valid...patch
     Closes: CVE-2020-13754, possible OOB memory accesses in a bunch of qemu
     devices which use min_access_size and max_access_size Memory API fields.
     Also closes: CVE-2020-13791
   * acpi-tmr-allow-2-byte-reads.patch - fix an issue in MacOS exposed by
     the previous "revert-.." change (#964247)
   * exec-set-map-length-to-zero-when-returning-NULL-CVE-2020-13659.patch
     CVE-2020-13659: address_space_map in exec.c can trigger
     a NULL pointer dereference related to BounceBuffer
   * megasas-use-unsigned-type-for-reply_queue_head-and-check-index...patch
     Closes: #961887, CVE-2020-13362, megasas_lookup_frame in hw/scsi/megasas.c
     has an OOB read via a crafted reply_queue_head field from a guest OS user
   * megasas-use-unsigned-type-for-positive-numeric-fields.patch
     fix other possible cases like in CVE-2020-13362 (#961887)
   * megasas-fix-possible-out-of-bounds-array-access.patch
     Some tracepoints use a guest-controlled value as an index into the
     mfi_frame_desc[] array. Thus a malicious guest could cause very low
     impact OOB errors here
   * es1370-check-total-frame-count-against-current-frame-CVE-2020-13361.patch
     Closes: #961888, CVE-2020-13361, es1370_transfer_audio in hw/audio/es1370.c
     does not properly validate the frame count, which allows guest OS users
     to trigger an out-of-bounds access during an es1370_write() operation
   * slirp-drop-bogus-IPv6-messages-CVE-2020-10756.patch
     Closes: CVE-2020-10756, possible OOB read in icmp6_send_echoreply()
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---