From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:43113) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XPrbW-0004Pv-RH for qemu-devel@nongnu.org; Fri, 05 Sep 2014 07:23:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XPrbQ-0002Qv-GD for qemu-devel@nongnu.org; Fri, 05 Sep 2014 07:22:58 -0400 From: Gerd Hoffmann Date: Fri, 5 Sep 2014 13:21:50 +0200 Message-Id: <1409916113-3472-1-git-send-email-kraxel@redhat.com> Subject: [Qemu-devel] [CVE-2014-3615 PULL 0/3] vbe: bochs dispi interface fixes List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Petr Matousek , qemu-stable@nongnu.org, P J P , Gerd Hoffmann , spice-devel@lists.freedesktop.org, Laszlo Ersek Hi, So, as announced yesterday, here comes the CVE-2014-3615 pull request. please pull, Gerd The following changes since commit 30eaca3acdf17d7bcbd1213eb149c02037edfb0b: Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20140902-1' into staging (2014-09-02 10:26:10 +0100) are available in the git repository at: git://git.kraxel.org/qemu tags/pull-cve-2014-3615-20140905-1 for you to fetch changes up to ab9509cceabef28071e41bdfa073083859c949a7: spice: make sure we don't overflow ssd->buf (2014-09-05 12:19:50 +0200) ---------------------------------------------------------------- CVE-2014-3615: fix sanity checks in vbe (bochs dispi) and spice. ---------------------------------------------------------------- Gerd Hoffmann (3): vbe: make bochs dispi interface return the correct memory size with qxl vbe: rework sanity checks spice: make sure we don't overflow ssd->buf hw/display/qxl.c | 1 + hw/display/vga.c | 159 ++++++++++++++++++++++++++++++++------------------- hw/display/vga_int.h | 1 + ui/spice-display.c | 20 +++++-- 4 files changed, 116 insertions(+), 65 deletions(-)