Your message dated Thu, 11 Jun 2015 17:19:56 +0000 with message-id <e1z368y-0007lx...@franck.debian.org> and subject line Bug#788460: fixed in qemu 1:2.3+dfsg-6 has caused the Debian Bug report #788460, regarding qemu: CVE-2015-3209: heap overflow in QEMU PCNET controller (allowing guest->host escape) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 788460: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788460 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: qemu Version: 1.1.2+dfsg-1 Severity: grave Tags: security upstream patch fixed-upstream Hi Michael, Filling a but to have a reference to the BTS. the following vulnerability was published for qemu. CVE-2015-3209[0]: heap overflow in qemu pcnet controller allowing guest to host escape If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-3209 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1225882 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: qemu Source-Version: 1:2.3+dfsg-6 We believe that the bug you reported is fixed in the latest version of qemu, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 788...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 11 Jun 2015 20:03:40 +0300 Source: qemu Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm libcacard0 libcacard-dev libcacard-tools Architecture: source Version: 1:2.3+dfsg-6 Distribution: unstable Urgency: high Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org> Changed-By: Michael Tokarev <m...@tls.msk.ru> Description: libcacard-dev - Virtual Common Access Card (CAC) Emulator (development files) libcacard-tools - Virtual Common Access Card (CAC) Emulator (tools) libcacard0 - Virtual Common Access Card (CAC) Emulator (runtime library) qemu - fast processor emulator qemu-block-extra - extra block backend modules for qemu-system and qemu-utils qemu-guest-agent - Guest-side qemu-system agent qemu-kvm - QEMU Full virtualization on x86 hardware qemu-system - QEMU full system emulation binaries qemu-system-arm - QEMU full system emulation binaries (arm) qemu-system-common - QEMU full system emulation binaries (common files) qemu-system-mips - QEMU full system emulation binaries (mips) qemu-system-misc - QEMU full system emulation binaries (miscelaneous) qemu-system-ppc - QEMU full system emulation binaries (ppc) qemu-system-sparc - QEMU full system emulation binaries (sparc) qemu-system-x86 - QEMU full system emulation binaries (x86) qemu-user - QEMU user mode emulation binaries qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Closes: 788460 Changes: qemu (1:2.3+dfsg-6) unstable; urgency=high . * pcnet-force-buffer-access-to-be-in-bounds-CVE-2015-3209.patch from upstream (Closes: #788460 CVE-2015-3209) Checksums-Sha1: b8d25346f471f980831c2836ab7c8fb2b3f2d049 6040 qemu_2.3+dfsg-6.dsc 9594c116692a516f2a691e55f952e9883ab99ec5 82508 qemu_2.3+dfsg-6.debian.tar.xz Checksums-Sha256: fd410eee7137bcbb3239416975a45e302aded6c45dd403b45582420b9917284f 6040 qemu_2.3+dfsg-6.dsc b42ad180d5f8b070a662f4c6649f9e3c97694f628ed92a50fa61cea9ea873b12 82508 qemu_2.3+dfsg-6.debian.tar.xz Files: 4a45e72df248bf0166eee833f6e6e4c6 6040 otherosfs optional qemu_2.3+dfsg-6.dsc 863ad20112e617b16b1d55e91c087561 82508 otherosfs optional qemu_2.3+dfsg-6.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVeb+CAAoJEL7lnXSkw9fbSZoH/1pyFGDXqjdma6IXmN7xI2b9 Tq93SkaVZExUwSE+76hQFVDNWnoQm6PAcEbYVzy20lmJnMRXBZDngNRfqDd8XP+u HtfWOWqE5H8WYJECAc9efUbGSe3sTTqzqU3fGK12huCKCwEtt4U1j2k2kzlLvVcQ 85/gaSnlTGNse+thrvH/T6kuprgrfkLchB+0TlMMIjlNBIh+QWOsw0zObSn3E7g0 q2sVJwfgOYBr6dPm5Ie8odIS3A+aFGs32tKVqe2+HNHXSSbqPnMTLOQkuX6WIPJS 2Djy8F6owvTgrU4EEbzXFDXdrbpQR6nega+PtmI9YS5UETz3MA5EwHbDU0yWPKU= =y1WG -----END PGP SIGNATURE-----
--- End Message ---
