* QEMU "drive_init()" Disk Format Security Bypass @ 2008-05-08 14:02 Eren Türkay 2008-05-08 14:12 ` Daniel P. Berrange 0 siblings, 1 reply; 3+ messages in thread From: Eren Türkay @ 2008-05-08 14:02 UTC (permalink / raw) To: kvm-devel Hello, An advisory about $subject was released today by secunia. The security flaw was fixed in QEmu SVN repository. Kvm uses some of the old version of qemu that I can't backport patch I grabbed from qemu svn repository. Could you look at this issue and provide a patch? http://secunia.com/advisories/30111/ Svn commit: http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277 Discussion: http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html Regards, Eren ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: QEMU "drive_init()" Disk Format Security Bypass 2008-05-08 14:02 QEMU "drive_init()" Disk Format Security Bypass Eren Türkay @ 2008-05-08 14:12 ` Daniel P. Berrange 2008-05-08 14:17 ` Eren Türkay 0 siblings, 1 reply; 3+ messages in thread From: Daniel P. Berrange @ 2008-05-08 14:12 UTC (permalink / raw) To: Eren Türkay; +Cc: kvm-devel On Thu, May 08, 2008 at 05:02:28PM +0300, Eren T?rkay wrote: > Hello, > > An advisory about $subject was released today by secunia. The security flaw > was fixed in QEmu SVN repository. > > Kvm uses some of the old version of qemu that I can't backport patch I grabbed > from qemu svn repository. Could you look at this issue and provide a patch? KVM is synced to latest CVS version of QEMU on a regular basis. > http://secunia.com/advisories/30111/ > > Svn commit: > http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277 If you look at the KVM userspace code you'll see this patch is already included: http://git.kernel.org/?p=virt/kvm/kvm-userspace.git;a=commit;h=ce486fc1116eb53d40635be926bfa147ad520908 Regards, Daniel -- |: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: QEMU "drive_init()" Disk Format Security Bypass 2008-05-08 14:12 ` Daniel P. Berrange @ 2008-05-08 14:17 ` Eren Türkay 0 siblings, 0 replies; 3+ messages in thread From: Eren Türkay @ 2008-05-08 14:17 UTC (permalink / raw) To: Daniel P. Berrange; +Cc: kvm-devel On 08 May 2008 Thu 17:12:14 Daniel P. Berrange wrote: > If you look at the KVM userspace code you'll see this patch is already > included: > > http://git.kernel.org/?p=virt/kvm/kvm-userspace.git;a=commit;h=ce486fc1116e >b53d40635be926bfa147ad520908 Thank you, I'll grab the patch and apply it to tarball. > Regards, > Daniel Regards, Eren ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2008-05-08 14:17 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2008-05-08 14:02 QEMU "drive_init()" Disk Format Security Bypass Eren Türkay 2008-05-08 14:12 ` Daniel P. Berrange 2008-05-08 14:17 ` Eren Türkay
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox