From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: Petr Matousek <pmatouse@redhat.com>,
qemu-stable@nongnu.org, P J P <ppandit@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>,
spice-devel@lists.freedesktop.org,
Laszlo Ersek <lersek@redhat.com>
Subject: [Qemu-devel] [CVE-2014-3615 PULL 0/3] vbe: bochs dispi interface fixes
Date: Fri, 5 Sep 2014 13:21:50 +0200 [thread overview]
Message-ID: <1409916113-3472-1-git-send-email-kraxel@redhat.com> (raw)
Hi,
So, as announced yesterday, here comes the CVE-2014-3615 pull request.
please pull,
Gerd
The following changes since commit 30eaca3acdf17d7bcbd1213eb149c02037edfb0b:
Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20140902-1' into staging (2014-09-02 10:26:10 +0100)
are available in the git repository at:
git://git.kraxel.org/qemu tags/pull-cve-2014-3615-20140905-1
for you to fetch changes up to ab9509cceabef28071e41bdfa073083859c949a7:
spice: make sure we don't overflow ssd->buf (2014-09-05 12:19:50 +0200)
----------------------------------------------------------------
CVE-2014-3615: fix sanity checks in vbe (bochs dispi) and spice.
----------------------------------------------------------------
Gerd Hoffmann (3):
vbe: make bochs dispi interface return the correct memory size with qxl
vbe: rework sanity checks
spice: make sure we don't overflow ssd->buf
hw/display/qxl.c | 1 +
hw/display/vga.c | 159 ++++++++++++++++++++++++++++++++-------------------
hw/display/vga_int.h | 1 +
ui/spice-display.c | 20 +++++--
4 files changed, 116 insertions(+), 65 deletions(-)
next reply other threads:[~2014-09-05 11:23 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-05 11:21 Gerd Hoffmann [this message]
2014-09-05 11:21 ` [Qemu-devel] [CVE-2014-3615 PULL 1/3] vbe: make bochs dispi interface return the correct memory size with qxl Gerd Hoffmann
2014-09-05 11:21 ` [Qemu-devel] [CVE-2014-3615 PULL 2/3] vbe: rework sanity checks Gerd Hoffmann
2014-09-05 11:21 ` [Qemu-devel] [CVE-2014-3615 PULL 3/3] spice: make sure we don't overflow ssd->buf Gerd Hoffmann
2014-09-05 12:55 ` [Qemu-devel] [CVE-2014-3615 PULL 0/3] vbe: bochs dispi interface fixes Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1409916113-3472-1-git-send-email-kraxel@redhat.com \
--to=kraxel@redhat.com \
--cc=lersek@redhat.com \
--cc=pmatouse@redhat.com \
--cc=ppandit@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=spice-devel@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).