From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41035) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fn4DH-0007RV-SA for qemu-devel@nongnu.org; Tue, 07 Aug 2018 11:48:00 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fn4DD-0002kL-4B for qemu-devel@nongnu.org; Tue, 07 Aug 2018 11:47:59 -0400 From: Markus Armbruster References: <20180807114501.12370-1-peter.maydell@linaro.org> <20180807125223.GF2556@work-vm> <20180807125819.GP7335@redhat.com> <00ac9577-52cc-bf48-f0b8-7d15abb2c21f@redhat.com> <20180807130958.GQ7335@redhat.com> Date: Tue, 07 Aug 2018 17:47:48 +0200 In-Reply-To: (Peter Maydell's message of "Tue, 7 Aug 2018 14:47:20 +0100") Message-ID: <87bmae41qz.fsf@dusky.pond.sub.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [Qemu-devel] [PATCH for-3.0] slirp: Correct size check in m_inc() List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Peter Maydell Cc: "Daniel P. =?utf-8?Q?Berrang=C3=A9?=" , Thomas Huth , Prasad J Pandit , "patches@linaro.org" , Jan Kiszka , Jason Wang , "Dr. David Alan Gilbert" , QEMU Developers , liqsub1 , Samuel Thibault , qemu-stable Peter Maydell writes: > On 7 August 2018 at 14:09, Daniel P. Berrang=C3=A9 = wrote: >> On Tue, Aug 07, 2018 at 03:07:07PM +0200, Thomas Huth wrote: >>> But 864036e251f54c9 was never part of an official QEMU release, was it? >>> Or did it go into a stable release already? If not, I think you simply >>> need both patches to fix the CVE instead. >> >> Ah possibly - I didn't look at where 864036e251f54c9 was actually >> release or not. If its onyl git master, then yeah, we can use the >> same CVE we already have. > > Yeah, we haven't released anything with 864036e251f54c9 in it yet. > (In particular we did not flag it up for stable and so it is not > in 2.12.1...) Pointing out the obvious: this is a second opportunity to flag the CVE fix for stable.