From: Gerd Hoffmann
Date: Thu, 4 Sep 2014 09:04:30 +0200
Message-Id: <1409814273-11463-1-git-send-email-kraxel@redhat.com>
Subject: [Qemu-devel] [CVE-2014-3615 PATCH v2 0/3] vbe: bochs dispi interface fixes
To: qemu-devel@nongnu.org
Cc: Petr Matousek, qemu-stable@nongnu.org, P J P, Gerd Hoffmann, spice-devel@lists.freedesktop.org, Laszlo Ersek

  Hi,

Two fixes for the bochs dispi interface, one of them fixing a minor
security issue.

New in v2: Got a CVE number. Investigation & patch review found a
related issue in the spice code, so there is an additional patch.

/me plans to send a pull tomorrow, so this can go in fast enough for
being cherry-picked into stable for the qemu 2.1.1 release.

please review,
  Gerd

Gerd Hoffmann (3):
  vbe: make bochs dispi interface return the correct memory size with qxl
  vbe: rework sanity checks
  spice: make sure we don't overflow ssd->buf

 hw/display/qxl.c     |   1 +
 hw/display/vga.c     | 159 ++++++++++++++++++++++++++++++++-------------------
 hw/display/vga_int.h |   1 +
 ui/spice-display.c   |  16 ++++--
 4 files changed, 113 insertions(+), 64 deletions(-)

-- 
1.8.3.1