Debian Bug report logs - #444007
CVE-2007-1320 multiple heap based buffer overflows

version graph

Package: xen-3.0; Maintainer for xen-3.0 is (unknown);

Reported by: Nico Golde <>

Date: Tue, 25 Sep 2007 12:18:02 UTC

Severity: grave

Tags: security

Found in version 3.0.3-0-2

Fixed in version xen-3.0/3.0.3-0-3

Done: Bastian Blank <>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to, Debian Xen Team <>:
Bug#444007; Package xen-3.0. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <>:
New Bug report received and forwarded. Copy sent to Debian Xen Team <>. Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: Nico Golde <>
Subject: CVE-2007-1320 multiple heap based buffer overflows
Date: Tue, 25 Sep 2007 14:12:19 +0200
[Message part 1 (text/plain, inline)]
Package: xen-3.0
Version: 3.0.3-0-2
Severity: grave
Tags: security

the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-3.0.

| Multiple heap-based buffer overflows in the cirrus_invalidate_region
| function in the Cirrus VGA extension in QEMU 0.8.2 might allow local
| users to execute arbitrary code via unspecified vectors related to
| "attempting to mark non-existent regions as dirty," aka the "bitblt"
| heap overflow.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

This also affects xen in etch.
Please have a look at:

For further information:

Kind regards

Nico Golde - - - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Reply sent to Bastian Blank <>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Nico Golde <>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at (full text, mbox):

From: Bastian Blank <>
Subject: Bug#444007: fixed in xen-3.0 3.0.3-0-3
Date: Tue, 16 Oct 2007 19:56:36 +0000
Source: xen-3.0
Source-Version: 3.0.3-0-3

We believe that the bug you reported is fixed in the latest version of
xen-3.0, which is due to be installed in the Debian FTP archive:

  to pool/main/x/xen-3.0/xen-3.0_3.0.3-0-3.diff.gz
  to pool/main/x/xen-3.0/xen-3.0_3.0.3-0-3.dsc
  to pool/main/x/xen-3.0/xen-docs-3.0_3.0.3-0-3_all.deb
  to pool/main/x/xen-3.0/xen-hypervisor-3.0.3-1-amd64_3.0.3-0-3_amd64.deb
  to pool/main/x/xen-3.0/xen-ioemu-3.0.3-1_3.0.3-0-3_amd64.deb
  to pool/main/x/xen-3.0/xen-utils-3.0.3-1_3.0.3-0-3_amd64.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Bastian Blank <> (supplier of updated xen-3.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA1

Format: 1.7
Date: Fri, 05 Oct 2007 07:44:54 +0000
Source: xen-3.0
Binary: xen-docs-3.0 xen-hypervisor-3.0.3-1-i386-pae xen-utils-3.0.3-1 xen-hypervisor-3.0.3-1-i386 xen-hypervisor-3.0.3-1-amd64 xen-ioemu-3.0.3-1
Architecture: source amd64 all
Version: 3.0.3-0-3
Distribution: stable-security
Urgency: low
Maintainer: Debian Xen Team <>
Changed-By: Bastian Blank <>
 xen-docs-3.0 - documentation for XEN, a Virtual Machine Monitor
 xen-hypervisor-3.0.3-1-amd64 - The Xen Hypervisor on AMD64
 xen-ioemu-3.0.3-1 - XEN administrative tools
 xen-utils-3.0.3-1 - XEN administrative tools
Closes: 444007 444430
 xen-3.0 (3.0.3-0-3) stable-security; urgency=low
   * Use linux-support-2.6.18-5.
   * Don't use exec with untrusted values in pygrub. (closes: #444430)
     See CVE-2007-4993.
   * Add bounds checks for cirrus bitblit memory accesses in qemu.
     (closes: #444007)
     See CVE-2007-1320.
 d42726f5a374bfb8eb1a6618174ff893 1115 misc extra xen-3.0_3.0.3-0-3.dsc
 71257a2d977a601594c70c9eac0a121b 6127238 misc extra xen-3.0_3.0.3-0.orig.tar.gz
 64f2dd856726a95d88fe48531e987ff4 28697 misc extra xen-3.0_3.0.3-0-3.diff.gz
 b91af7395e7a1169be06ced33ef56daa 533396 misc extra xen-docs-3.0_3.0.3-0-3_all.deb
 b4ceb2935cf07339c98b7aa67709a508 368012 misc extra xen-utils-3.0.3-1_3.0.3-0-3_amd64.deb
 f7f8a51f48c87072fe2c0ffd03e066aa 331438 misc extra xen-ioemu-3.0.3-1_3.0.3-0-3_amd64.deb
 7957630a8fcd612e7492b7d14a36512d 269956 misc extra xen-hypervisor-3.0.3-1-amd64_3.0.3-0-3_amd64.deb

Version: GnuPG v1.4.6 (GNU/Linux)


Bug archived. Request was from Debbugs Internal Request <> to (Thu, 24 Jan 2008 07:25:48 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.

Debian bug tracking system administrator <>. Last modified: Thu Apr 17 12:48:42 2014; Machine Name:

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.