Your message dated Fri, 23 Nov 2018 21:32:54 +0000
with message-id <e1gqj4i-000iqw...@fasolo.debian.org>
and subject line Bug#911468: fixed in qemu 1:2.8+dfsg-6+deb9u5
has caused the Debian Bug report #911468,
regarding qemu: CVE-2018-17962: pcnet: integer overflow leads to buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
911468: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911468
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qemu
Version: 1:2.12+dfsg-3
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for qemu.
CVE-2018-17962[0]:
| Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because
| an incorrect integer data type is used.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-17962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17962
[1] https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qemu
Source-Version: 1:2.8+dfsg-6+deb9u5
We believe that the bug you reported is fixed in the latest version of
qemu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 911...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <j...@debian.org> (supplier of updated qemu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 08 Nov 2018 16:41:45 +0100
Source: qemu
Binary: qemu qemu-system qemu-block-extra qemu-system-common qemu-system-misc
qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc
qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils
qemu-guest-agent qemu-kvm
Architecture: source amd64
Version: 1:2.8+dfsg-6+deb9u5
Distribution: stretch-security
Urgency: medium
Maintainer: Debian QEMU Team <pkg-qemu-de...@lists.alioth.debian.org>
Changed-By: Moritz Mühlenhoff <j...@debian.org>
Description:
qemu - fast processor emulator
qemu-block-extra - extra block backend modules for qemu-system and qemu-utils
qemu-guest-agent - Guest-side qemu-system agent
qemu-kvm - QEMU Full virtualization on x86 hardware
qemu-system - QEMU full system emulation binaries
qemu-system-arm - QEMU full system emulation binaries (arm)
qemu-system-common - QEMU full system emulation binaries (common files)
qemu-system-mips - QEMU full system emulation binaries (mips)
qemu-system-misc - QEMU full system emulation binaries (miscellaneous)
qemu-system-ppc - QEMU full system emulation binaries (ppc)
qemu-system-sparc - QEMU full system emulation binaries (sparc)
qemu-system-x86 - QEMU full system emulation binaries (x86)
qemu-user - QEMU user mode emulation binaries
qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user
qemu-user-static - QEMU user mode emulation binaries (static version)
qemu-utils - QEMU utilities
Closes: 908682 910431 911468 911469
Changes:
qemu (1:2.8+dfsg-6+deb9u5) stretch-security; urgency=medium
.
* Backport SSBD support (Closes: #908682)
* CVE-2018-10839 (Closes: #910431)
* CVE-2018-17962 (Closes: #911468)
* CVE-2018-17963 (Closes: #911469)
Checksums-Sha1:
51d9a6ab1938acf80d1c4dda5eccbbbacb196cca 5904 qemu_2.8+dfsg-6+deb9u5.dsc
43e41704d1befe6ff21fe4c460974938fd1a9d1c 153452
qemu_2.8+dfsg-6+deb9u5.debian.tar.xz
2bb046d38c6d176249b9faba8578ee458ce2e012 276060
qemu-block-extra-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
15061b0a968f84e910391246697ffa138adebc86 105362
qemu-block-extra_2.8+dfsg-6+deb9u5_amd64.deb
4c29681c0248affe9784649493869a7a6b1b1c00 771368
qemu-guest-agent-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
48d4cd0816ed6560f73e2df2b436a37ee2f7d3fe 314908
qemu-guest-agent_2.8+dfsg-6+deb9u5_amd64.deb
dc30f657ff3fae27899a50d65e0ffbeca0429fce 66802
qemu-kvm_2.8+dfsg-6+deb9u5_amd64.deb
710b232915152ba891b7fb06ab69c73a94514c8c 33553014
qemu-system-arm-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
26ba135064c64507e1f6aa94fefa161b0720436a 5246398
qemu-system-arm_2.8+dfsg-6+deb9u5_amd64.deb
dae8fa6d5c94b1463d58a925d78279e857d10641 329706
qemu-system-common-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
3ca4b1bab999da34a81934783465006e361c6405 501926
qemu-system-common_2.8+dfsg-6+deb9u5_amd64.deb
9e12e831caf035ad458b41209461708ed66d4f46 57946296
qemu-system-mips-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
3f96cdeb30073fcb5d32ab78410293292d471961 8966598
qemu-system-mips_2.8+dfsg-6+deb9u5_amd64.deb
f4d036baf924c1843222b25a41f0baa8a5f0b1af 151490148
qemu-system-misc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
0a468335fe5e6daaaee2f87ae2c65497b89c2606 13482042
qemu-system-misc_2.8+dfsg-6+deb9u5_amd64.deb
fba85e85b6504dbe64e41799a55a09c4fb8193c1 44801268
qemu-system-ppc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
c86fe11d348eccce2e5b78be4048f2cdcec4f585 7042832
qemu-system-ppc_2.8+dfsg-6+deb9u5_amd64.deb
ac5190c581f28dd164be2d828aaf8bce8c9a3c61 22557400
qemu-system-sparc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
90e32e45c805d70fd6f7e57e38186af7ade46e68 2570714
qemu-system-sparc_2.8+dfsg-6+deb9u5_amd64.deb
6f7aa0ef8c59a362932d4dfb184ad932e3cb76fb 31965916
qemu-system-x86-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
eb10aff3207d6967fae13e9c3c996ec5b156eafe 4817648
qemu-system-x86_2.8+dfsg-6+deb9u5_amd64.deb
a57691dbea42346b6bb40169cdbbeb5cd3d6154a 65838
qemu-system_2.8+dfsg-6+deb9u5_amd64.deb
e2d7d4c746f2a6b74c2993cbefc536fb2bf1a511 2588
qemu-user-binfmt_2.8+dfsg-6+deb9u5_amd64.deb
efe854f09281a0df4dbe84357de527661138f8c7 80474330
qemu-user-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
d526f35ef4e90561a4f7a02a16e70e8849533fe7 88262500
qemu-user-static-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
42754002d1bff2c9855b9f22b85a9968144a09c0 8993782
qemu-user-static_2.8+dfsg-6+deb9u5_amd64.deb
07da425ef2a22200d10d32bc775275e88f3f0fd3 7943388
qemu-user_2.8+dfsg-6+deb9u5_amd64.deb
8e9f79e6f795857cff30ecf0d91ba971042e1cce 9734148
qemu-utils-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
30c2647917b3fccf67d95b51ee0a1a2e2d1dcc6e 985494
qemu-utils_2.8+dfsg-6+deb9u5_amd64.deb
8d07e437c28a4dcc685868e3d57f0e99e755cd4a 21852
qemu_2.8+dfsg-6+deb9u5_amd64.buildinfo
f1928a0766236e80c7a8f599d84761d73901132d 150722
qemu_2.8+dfsg-6+deb9u5_amd64.deb
Checksums-Sha256:
b1a3c690559f354ff17974f6c76a56158af9176ce977bfe720edc15d09073cac 5904
qemu_2.8+dfsg-6+deb9u5.dsc
fb2939f9153f36d5943a5b37f931c3b8ec3b93a94643df304b083dd27bcceebd 153452
qemu_2.8+dfsg-6+deb9u5.debian.tar.xz
273efb5b6ef481fddc5bd810c0f2ffd88497f4e669f57910e05afcc55043788a 276060
qemu-block-extra-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
bd2b9d014785bd73351bb0fa82c8ebdd61d6c10cc80352bc2b4c3ad8ea760b20 105362
qemu-block-extra_2.8+dfsg-6+deb9u5_amd64.deb
d21411c724e98bb4ec4654fc3038d0ba18fc1b9b0f16c7cf11dac149b4abd2e6 771368
qemu-guest-agent-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
7a910f7ac850e3265edab430403784d0147d0754da43589910dfe0898c60e478 314908
qemu-guest-agent_2.8+dfsg-6+deb9u5_amd64.deb
5a18146677b5afee101d04f3ead629edf5a751b0eb6e6c67136bb7ba167a1133 66802
qemu-kvm_2.8+dfsg-6+deb9u5_amd64.deb
3aa7cd2daecee80fa559c27fb6991f00b99bd9330624d55d92b895adcd1a654b 33553014
qemu-system-arm-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
a1ed26cf9702e234080715d3af8bfe9553d29da85e85866bd9fa589f3dac726f 5246398
qemu-system-arm_2.8+dfsg-6+deb9u5_amd64.deb
8270294b01dbbe90dcd268acbb2a02eaf65488e92c9762c424f6cc0989c5bc3c 329706
qemu-system-common-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
d5d69c5e26489b3e29679767c1095cd7a157afcaae7ce057faffd0b3dae42bbb 501926
qemu-system-common_2.8+dfsg-6+deb9u5_amd64.deb
fab544ae0c40190310b6b29aba6f7e37a4b68579945d8570a55f760053653381 57946296
qemu-system-mips-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
07b8a6c8b7cb056fa6cc7075738168243f7e1c50e7dae58c7245b2ed9b277151 8966598
qemu-system-mips_2.8+dfsg-6+deb9u5_amd64.deb
1df303a274e7e5db427c8c0fb75e249675710881e37d29b7bbed22f538bfb324 151490148
qemu-system-misc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
9b34fb1dcfbfe3cc516c697f1ba1025657537221398a9aabf698a3b36d064a5c 13482042
qemu-system-misc_2.8+dfsg-6+deb9u5_amd64.deb
c22f89669d247e747b31ab3bb52bcdbd069516b768485e37ebfe1a5a1c1c8748 44801268
qemu-system-ppc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
f52d693ae25c96a1474d9eadc266f61f0ce07bcf551d4d9037682e077b7d55ac 7042832
qemu-system-ppc_2.8+dfsg-6+deb9u5_amd64.deb
545023f1c32819b47fbf438baec9414c81be2bd61a5eebc26b9389763be6af50 22557400
qemu-system-sparc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
4c6c41dede804fba57895eecb38481d8648dffd1369b03c83a151d60e5bd6e6d 2570714
qemu-system-sparc_2.8+dfsg-6+deb9u5_amd64.deb
0f236fe193201f945a9e3dbc5fd2fe75f8f6cf18dc8e70564095a8f1a552bdbf 31965916
qemu-system-x86-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
7cfc566926a1dc2dc01a852f9c5ddf1b449528a251f2d07bf192c75e4356f573 4817648
qemu-system-x86_2.8+dfsg-6+deb9u5_amd64.deb
3be6db453b4ef89a768f3371fc40f6183ce901bf2252b106c71c8516709da952 65838
qemu-system_2.8+dfsg-6+deb9u5_amd64.deb
32cad4078787808803e10041d15f1f0d7feba25cd79bfb6b848816a93b6aa842 2588
qemu-user-binfmt_2.8+dfsg-6+deb9u5_amd64.deb
ad998e3bafa9d22c42b3667c9bb1eabe0f5a008d9863174662fad599dcab53f1 80474330
qemu-user-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
42cbe5bc16c4e3be112283feb6d107e717064598a9226e275f879097fadea4f3 88262500
qemu-user-static-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
1a8d04b3a30aad6eee8d54137da542b4991b4e492d37cd3046d4c7f39ff431ed 8993782
qemu-user-static_2.8+dfsg-6+deb9u5_amd64.deb
f70c02e6c6dc2b5a2db6447cc45afc7360b835b4ec82e2bc263de7bdfcc4a66f 7943388
qemu-user_2.8+dfsg-6+deb9u5_amd64.deb
5f4d54b003a60dc662a0861e5f03a10ee7550d5bc8ab40710a43f5e48679078b 9734148
qemu-utils-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
f4ae199b22bb57dc398a300434471ab0de7739ada0c91a0720810ac70e0fa701 985494
qemu-utils_2.8+dfsg-6+deb9u5_amd64.deb
cedcebe6c10a80b69beb3118c0484cae938b58189009e83b88ad6d18a00e24c6 21852
qemu_2.8+dfsg-6+deb9u5_amd64.buildinfo
f09e96992d934eb46496726c7305c09f9876b4993385ae58f9730e1e1c4aadb9 150722
qemu_2.8+dfsg-6+deb9u5_amd64.deb
Files:
4d4992814e4a14c53490dcdff6ca0678 5904 otherosfs optional
qemu_2.8+dfsg-6+deb9u5.dsc
ef9b3b8adcb621e0fc7c424dfa4ba26f 153452 otherosfs optional
qemu_2.8+dfsg-6+deb9u5.debian.tar.xz
51759a18ee1760d27dbfa878022c0207 276060 debug extra
qemu-block-extra-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
250b55f1c7d716816b7a8e857606df25 105362 otherosfs optional
qemu-block-extra_2.8+dfsg-6+deb9u5_amd64.deb
1bac8db36c1f174e17297bee7620fe7a 771368 debug extra
qemu-guest-agent-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
ad7a3b5ae9b54c709f4e25a46660997d 314908 otherosfs optional
qemu-guest-agent_2.8+dfsg-6+deb9u5_amd64.deb
f4252d4164d5999a22c0930fed5604d1 66802 otherosfs optional
qemu-kvm_2.8+dfsg-6+deb9u5_amd64.deb
8b40857666c802bfe6bc1de96a898a65 33553014 debug extra
qemu-system-arm-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
eeef897e68ab03a521f004dc8ff48b3b 5246398 otherosfs optional
qemu-system-arm_2.8+dfsg-6+deb9u5_amd64.deb
e414abc3be32d382fdd6a8dc314727d6 329706 debug extra
qemu-system-common-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
d764eec055138aade027dd3a9948d275 501926 otherosfs optional
qemu-system-common_2.8+dfsg-6+deb9u5_amd64.deb
ea0eb531ecdc9a521a32b67024c004b4 57946296 debug extra
qemu-system-mips-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
2553b28cc3a48c42b4ed6ebedc1771be 8966598 otherosfs optional
qemu-system-mips_2.8+dfsg-6+deb9u5_amd64.deb
1d6eae01d21aead15c45171880454dc8 151490148 debug extra
qemu-system-misc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
432bbd8f229424ff4bb4204a8ceee01b 13482042 otherosfs optional
qemu-system-misc_2.8+dfsg-6+deb9u5_amd64.deb
4731599e5a87cd38da088fd3219a692c 44801268 debug extra
qemu-system-ppc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
562c4cb8203fbdc735ab1723120faae3 7042832 otherosfs optional
qemu-system-ppc_2.8+dfsg-6+deb9u5_amd64.deb
7ab5fd5eb22dcec82e8289e3047af336 22557400 debug extra
qemu-system-sparc-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
9d17f54295541bc8d57b376115a14332 2570714 otherosfs optional
qemu-system-sparc_2.8+dfsg-6+deb9u5_amd64.deb
fa5695b12a0ae496c2f98c6270c355ab 31965916 debug extra
qemu-system-x86-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
2e96ae6d2e68b7de1adbc63291abff92 4817648 otherosfs optional
qemu-system-x86_2.8+dfsg-6+deb9u5_amd64.deb
fc2f16f85401d1871df2c88a12305a58 65838 otherosfs optional
qemu-system_2.8+dfsg-6+deb9u5_amd64.deb
f9e33ecbc76d82054a89c3ea377f42ba 2588 otherosfs optional
qemu-user-binfmt_2.8+dfsg-6+deb9u5_amd64.deb
277dd67abae18e1382d1501e2339cdc3 80474330 debug extra
qemu-user-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
5b0a018204695e766d64543f2b9bc3a4 88262500 debug extra
qemu-user-static-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
a26a2fb922219beb0074529a4b8464a5 8993782 otherosfs optional
qemu-user-static_2.8+dfsg-6+deb9u5_amd64.deb
4abe16b99e363731e1a3ac557a7e2d4a 7943388 otherosfs optional
qemu-user_2.8+dfsg-6+deb9u5_amd64.deb
719489e5767390de311d8011ed71904c 9734148 debug extra
qemu-utils-dbgsym_2.8+dfsg-6+deb9u5_amd64.deb
21b82d68d2daff059586c9b4edb46438 985494 otherosfs optional
qemu-utils_2.8+dfsg-6+deb9u5_amd64.deb
7e171c409f2b6b091bb9aba3cad9c501 21852 otherosfs optional
qemu_2.8+dfsg-6+deb9u5_amd64.buildinfo
e9d9bda65fcd91b139afded2dff949b0 150722 otherosfs optional
qemu_2.8+dfsg-6+deb9u5_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlvls8gACgkQEMKTtsN8
TjagqBAAknGc2eR71HcWqmVqX+k9OzmMPgqERuRB8oRRzK42iVlqBptb4kaaC49B
rTT+OpXKzUlN6m+klV+fs4axQM3dZDPbJe2W0zBzIPV3zZxsUtbacmBuDKhU7SJO
7KhCWaaStC4gcWPz7nunyv4BuxKWYLcQZHd32YG5nBvDYgnOaiR7DE0pPlF/Ehiv
+y/g1AHR3siWmEeLlFpKFv7yZjFpWbTgUenm4qQ1/Xs5i+S7AY+ZuNnEa+pekGeM
qaoZWX4PsphJ67ZNzhuyb92VaUaJg2JFIctxvdp4nMjgg94vupY+TV05hMJ8aDrL
nakIlDe3K/iy6EAr04FGYv+/TMXMmcIH8FksXRSoaBV0yhszn1aD6+TOzbPb2HKt
N6X5e/h7GFXA7DKCjQuMwDUT5+S1/e8qJJu+BCfz+9gDEDnlBIjQZoDlKUQE5y/2
MENFINcELZgmIT8b+vGJv4mdjN1BxUc54zRD60L5jy+RN4xyy4MX/9rd3/s+msz2
8V3zuSwDvDZ+vOh2Ij0CLIzHrblUyxGjsiwNfKD3bFr2EbQxaCVXcKOVwqc+vypJ
m19FY1XtcNTgAVxyt6LOZ3uZdVtzghqylzOkWaGPXU5SADnRrNy+2IDZ6oJdpYyv
sT6i2gpGnWUnqWxzv5ec7tlBbUDPCHKZLNCCx2pKfioYlqw1Fyo=
=fcYL
-----END PGP SIGNATURE-----
--- End Message ---
