Your message dated Wed, 09 Dec 2020 07:07:39 +0000
with message-id <[email protected]>
and subject line Bug#973324: fixed in qemu 1:5.2+dfsg-1
has caused the Debian Bug report #973324,
regarding qemu: CVE-2020-27617: assert failure in eth_get_gso_type
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
973324: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973324
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
Version: 1:5.1+dfsg-4
Severity: important
Tags: security upstream
Forwarded:
https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06023.html
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for qemu.
CVE-2020-27617[0]:
| net: an assert failure via eth_get_gso_type
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-27617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27617
[1] https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06023.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:5.2+dfsg-1
Done: Michael Tokarev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 09 Dec 2020 08:57:41 +0300
Source: qemu
Architecture: source
Version: 1:5.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 965978 970539 970540 970541 970542 972864 973324 974687 975265 975276
976388
Changes:
qemu (1:5.2+dfsg-1) unstable; urgency=medium
.
* new upstream release
Closes: #965978, CVE-2020-15859 (22dc8663d9fc7baa22100544c600b6285a63c7a3)
Closes: #970539, CVE-2020-25084 (21bc31524e8ca487e976f713b878d7338ee00df2)
Closes: #970540, CVE-2020-25085 (dfba99f17feb6d4a129da19d38df1bcd8579d1c3)
Closes: #970541, CVE-2020-25624 (1328fe0c32d5474604105b8105310e944976b058)
Closes: #970542, CVE-2020-25625 (1be90ebecc95b09a2ee5af3f60c412b45a766c4f)
Closes: #974687, CVE-2020-25707 (c2cb511634012344e3d0fe49a037a33b12d8a98a)
Closes: #975276, CVE-2020-25723 (2fdb42d840400d58f2e706ecca82c142b97bcbd6)
Closes: #975265, CVE-2020-27616 (ca1f9cbfdce4d63b10d57de80fef89a89d92a540)
Closes: #973324, CVE-2020-27617 (7564bf7701f00214cdc8a678a9f7df765244def1)
Closes: #972864, CVE-2020-27661 (bea2a9e3e00b275dc40cfa09c760c715b8753e03)
Closes: CVE-2020-27821 (1370d61ae3c9934861d2349349447605202f04e9)
Closes: #976388, CVE-2020-28916 (c2cb511634012344e3d0fe49a037a33b12d8a98a)
* remove obsolete patches
* refresh use-fixed-data-path.patch and debian/get-orig-source.sh
* bump minimum meson version required for build to 0.55.3
* update build rules for several components
* remove deprecated lm32 and unicore32 system emulators
* remove deprecated ppc64abi32 and tilegx linux-user emulators
* install ui-spice-core.so & chardev-spice.so in qemu-system-common
* install ui-egl-headless.so in qemu-system-common
* install hw-display-virtio-*.so in qemu-system-common
* install ui-opengl.so in qemu-system-gui
* install qemu-pr-helper.8 in qemu-system-common
* qemu-pr-helper moved to usr/bin/ again
* qboot.rom renamed from bios-microvm.bin
* remove several unused lintian overrides
* add spelling.diff patch to fix a few spelling errors
* update Standards-Version to 4.5.1
* fix a few trailing whitespaces in d/control and d/changelog
* require libcapstone >= 4.0.2 (v4) for build
Checksums-Sha1:
1935e70764f38581ec9b5053c969addbef72dbfe 6583 qemu_5.2+dfsg-1.dsc
e8eb0f04f1c0926a4e6285e897581080346c3344 19661072 qemu_5.2+dfsg.orig.tar.xz
35340aafee9a5bd3450ae76f94adb69084330aee 90668 qemu_5.2+dfsg-1.debian.tar.xz
744eff6e184e766f00da0ad9f7b9006b634b6ed1 17455 qemu_5.2+dfsg-1_source.buildinfo
Checksums-Sha256:
7ea9e0979645db02b206e089ccc6a00724320e76c85e496d1f26f5a92c710b8a 6583
qemu_5.2+dfsg-1.dsc
be5ae7ddc88d68af81c7b2435b95c1cad4e9416c9a1426ee5a6a4b9a9c0bf87e 19661072
qemu_5.2+dfsg.orig.tar.xz
734bfa030a6cca0c9c556b0c87a7f80b5c0f30be11e0ed3ccfdd5a0aa5cab414 90668
qemu_5.2+dfsg-1.debian.tar.xz
1a3a2f85d9b67cf7ed5296c37361707a04c03797d0d7b685b4e66c596223666a 17455
qemu_5.2+dfsg-1_source.buildinfo
Files:
5a24ae3460b21d2242e9f177d3b3a35a 6583 otherosfs optional qemu_5.2+dfsg-1.dsc
02abb3409bd2475287bb122ee8b0f99c 19661072 otherosfs optional
qemu_5.2+dfsg.orig.tar.xz
9520bdcc2e80a2bb31f21b163975a097 90668 otherosfs optional
qemu_5.2+dfsg-1.debian.tar.xz
dd52701fb95f6deaefb6ca70918a0965 17455 otherosfs optional
qemu_5.2+dfsg-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAl/QcekPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5ZTOEIAK0Lv/2q2PQcMUfFWl1mVjwxSaQmdm7Z1ZXf
ZdXPwGgCMaJDKSVezCJD1oC/xnVB6obhP9cvTB5LpFrCR1GkUXOCnzGd2eGqdloY
FR1ba8Cyipv5/sFGC04edxDCSN00MQEbcx2ja2xcE/GrQ6DUMv/WE5CZDKhG35No
Z9/3Zz2nAPrU96MMYxHZjgJP1Ar1kEM/niueBp5QleX/p9VolfRHFmSW3L3Z1NQ8
smcSdD+pF37/4VnZf2a7NVaVRSGn0WqP4RaHdYemAPmQL2bjWgg/kPx8Wh5jxMsK
8gYMdLQ6QLhPpzVfGnf116gQDJ+KemSb76LP1ai7sWueSBIlkzs=
=/Ft6
-----END PGP SIGNATURE-----
--- End Message ---
