Your message dated Thu, 09 Oct 2025 12:08:53 +0000
with message-id <[email protected]>
and subject line Bug#1082377: fixed in qemu 1:10.1.1+ds-1
has caused the Debian Bug report #1082377,
regarding qemu: CVE-2024-8354
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1082377: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082377
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: qemu
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for qemu.
CVE-2024-8354[0]:
| A flaw was found in QEMU. An assertion failure was present in the
| usb_ep_get() function in hw/net/core.c when trying to get the USB
| endpoint from a USB device. This flaw may allow a malicious
| unprivileged guest user to crash the QEMU process on the host and
| cause a denial of service condition.
https://bugzilla.redhat.com/show_bug.cgi?id=2313497
https://gitlab.com/qemu-project/qemu/-/issues/2548
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-8354
https://www.cve.org/CVERecord?id=CVE-2024-8354
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:10.1.1+ds-1
Done: Michael Tokarev <[email protected]>
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Tokarev <[email protected]> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 09 Oct 2025 14:50:34 +0300
Source: qemu
Architecture: source
Version: 1:10.1.1+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: Michael Tokarev <[email protected]>
Closes: 1082377 1113951
Changes:
 qemu (1:10.1.1+ds-1) unstable; urgency=medium
 .
   [ Michael Tokarev ]
   * new upstream stable/bugfix release
     Closes: #1082377, CVE-2024-8354
   * removed patches included upstream:
     - block-curl-fix-curl-internal-handles-handling.patch
     - e1000e-prevent-crash-from-legacy-interrupt-firing-af.patch
     - ui-spice-fix-crash-when-disabling-GL-scanout-on.patch
     - hw-vfio-user-add-x-pci-class-code.patch
   * d/control.mk: checked-version := 10.1.1+ds
   * d/control: add python3-distlib:native build-dep variant due to #1115197
   * aarch64-linux-user-no-pauth.patch: disable pauth on aarch64 linux-user
     by default (Closes: #1113951)
 .
   [ Luca Boccassi ]
   * qemu-guest-agent: add ConditionVirtualization=vm
   * qemu-guest-agent: add Documentation= referring to manpages
--- End Message ---