Bug#886532: marked as done (Coming updates for meltdown/spectre)

Sun, 03 Jun 2018 04:03:52 -0700 

Your message dated Sun, 03 Jun 2018 11:02:20 +0000
with message-id <e1fpqmc-0007rh...@fasolo.debian.org>
and subject line Bug#886532: fixed in qemu 1:2.8+dfsg-6+deb9u4
has caused the Debian Bug report #886532,
regarding Coming updates for meltdown/spectre
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
886532: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886532
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: qemu
Severity: grave


Is it going to be possible to include this patch in qemu please?

https://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg00811.html


ref: https://www.qemu.org/2018/01/04/spectre/


-N

--- End Message ---
--- Begin Message --- 
Source: qemu
Source-Version: 1:2.8+dfsg-6+deb9u4

We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 886...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated qemu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 26 May 2018 13:06:04 +0300
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc 
qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc 
qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils 
qemu-guest-agent qemu-kvm
Architecture: source
Version: 1:2.8+dfsg-6+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Description:
 qemu       - fast processor emulator
 qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
 qemu-guest-agent - Guest-side qemu-system agent
 qemu-kvm   - QEMU Full virtualization on x86 hardware
 qemu-system - QEMU full system emulation binaries
 qemu-system-arm - QEMU full system emulation binaries (arm)
 qemu-system-common - QEMU full system emulation binaries (common files)
 qemu-system-mips - QEMU full system emulation binaries (mips)
 qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
 qemu-system-ppc - QEMU full system emulation binaries (ppc)
 qemu-system-sparc - QEMU full system emulation binaries (sparc)
 qemu-system-x86 - QEMU full system emulation binaries (x86)
 qemu-user  - QEMU user mode emulation binaries
 qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
 qemu-user-static - QEMU user mode emulation binaries (static version)
 qemu-utils - QEMU utilities
Closes: 877890 880832 880836 882136 883399 883625 884806 886532 887392 892041
Changes:
 qemu (1:2.8+dfsg-6+deb9u4) stretch-security; urgency=high
 .
   * CVE-2017-5715 (spectre/meltdown) fixes for i386 and s390x:
     CVE-2017-5715/i386-increase-X86CPUDefinition-model_id-to-49.patch
     CVE-2017-5715/i386-add-support-for-SPEC_CTRL-MSR.patch
     CVE-2017-5715/i386-add-spec-ctrl-CPUID-bit.patch
     CVE-2017-5715/i386-add-FEAT_8000_0008_EBX-CPUID-feature-word.patch
     CVE-2017-5715/i386-add-new-IBRS-versions-of-Intel-CPU-models.patch
     CVE-2017-5715/s390x-kvm-introduce-branch-prediction-blocking-contr.patch
     CVE-2017-5715/s390x-kvm-handle-bpb-feature.patch
     Closes: #886532, CVE-2017-5715
   * multiboot-bss_end_addr-can-be-zero-CVE-2018-7550.patch
     Closes: #892041, CVE-2018-7550
   * vga-check-the-validation-of-memory-addr-when-draw-text-CVE-2018-5683.patch
     Closes: #887392, CVE-2018-5683
   * osdep-fix-ROUND_UP-64-bit-32-bit-CVE-2017-18043.patch
     Closes: CVE-2017-18043
   * virtio-check-VirtQueue-Vring-object-is-set-CVE-2017-17381.patch
     Closes: #883625, CVE-2017-17381
   * ps2-check-PS2Queue-pointers-in-post_load-routine-CVE-2017-16845.patch
     Closes: #882136, CVE-2017-16845
   * cirrus-fix-oob-access-in-mode4and5-write-functions-CVE-2017-15289.patch
     Closes: #880832, CVE-2017-15289
   * 
io-monitor-encoutput-buffer-size-from-websocket-GSource-CVE-2017-15268.patch
     Closes: #880836, CVE-2017-15268
   * nbd-server-CVE-2017-15119-Reject-options-larger-than-32M.patch
     Closes: #883399, CVE-2017-15119
   * 9pfs-use-g_malloc0-to-allocate-space-for-xattr-CVE-2017-15038.patch
     Closes: #877890, CVE-2017-15038
   * CVE-2017-15124 (VNC server unbounded memory usage) fixes:
     CVE-2017-15124/01-ui-remove-sync-parameter-from-vnc_update_client.patch
     CVE-2017-15124/02-ui-remove-unreachable-code-in-vnc_update_client.patch
     
CVE-2017-15124/03-ui-remove-redundant-indentation-in-vnc_client_update.patch
     
CVE-2017-15124/04-ui-avoid-pointless-VNC-updates-if-framebuffer-isn-t-.patch
     
CVE-2017-15124/05-ui-track-how-much-decoded-data-we-consumed-when-doin.patch
     
CVE-2017-15124/06-ui-introduce-enum-to-track-VNC-client-framebuffer-up.patch
     
CVE-2017-15124/07-ui-correctly-reset-framebuffer-update-state-after-pr.patch
     
CVE-2017-15124/08-ui-refactor-code-for-determining-if-an-update-should.patch
     
CVE-2017-15124/09-ui-fix-VNC-client-throttling-when-audio-capture-is-a.patch
     
CVE-2017-15124/10-ui-fix-VNC-client-throttling-when-forced-update-is-r.patch
     
CVE-2017-15124/11-ui-place-a-hard-cap-on-VNC-server-output-buffer-size.patch
     
CVE-2017-15124/12-ui-add-trace-events-related-to-VNC-client-throttling.patch
     
CVE-2017-15124/13-ui-mix-misleading-comments-return-types-of-VNC-I-O-h.patch
     Closes: #884806, CVE-2017-15124
Checksums-Sha1:
 3eaadd4404ea50f67274eb28d97037825a1b2869 5579 qemu_2.8+dfsg-6+deb9u4.dsc
 ade882b6e42713bd6f4094c8eeb636a918dac5f9 151696 
qemu_2.8+dfsg-6+deb9u4.debian.tar.xz
 39ef066f758beadcbde371f43e60ffa095ddd247 11987 
qemu_2.8+dfsg-6+deb9u4_source.buildinfo
Checksums-Sha256:
 be323ab557fed1ae4f615c4c19e3ae7abe9b94f0281119721e019cbb5123f909 5579 
qemu_2.8+dfsg-6+deb9u4.dsc
 34b2b6da67ffa71f1e70d6d0f836aa27a840e767d2c3c7bc1734ae2814b52f94 151696 
qemu_2.8+dfsg-6+deb9u4.debian.tar.xz
 437b71b24b8da96278ffafb8a2a98887827b5e1706ecef207825059b4ba666b1 11987 
qemu_2.8+dfsg-6+deb9u4_source.buildinfo
Files:
 6e3771006299c70b45f37ad8c8c27605 5579 otherosfs optional 
qemu_2.8+dfsg-6+deb9u4.dsc
 9654bc03a47e11d133ae87d1e0fdbe52 151696 otherosfs optional 
qemu_2.8+dfsg-6+deb9u4.debian.tar.xz
 3b009fc18d489fad8c1a1623e669931a 11987 otherosfs optional 
qemu_2.8+dfsg-6+deb9u4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAlsJMcwPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5Z3mUH/A8PPA4y5oHpa5wUQqpGyAWhhPMN+dmJkGnl
aygGdg05ggGbRM4wZW6KhlCGHXq6v42M9kufA3wvuQ9Db7UtjjeB6Rf47RgPr8f9
ZX3IZjSWFR0nmYofcxo6a+bzulKcKbOmO/BAj53p7j5R+qT/WyzXgHarHajfGD+B
oykXsqrwE6EiWn/yQxU9omKiOU2L56q8fFBjxak4dHMEDWGXDOpdOJ8/aVc0lFu4
6NA5Q62VKBdpk0JaLxxsn/tz/MWH2SiQMBUTV/yB2nx/ZJMzHFOqOFEfrzARzDGa
xp7fkkErWSkQiT7kklX3ZucZ44TwBG7bwJ9b/vsaj/7HzWpOIOY=
=Veds
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to