From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MsMI6-0001Wn-Q6 for qemu-devel@nongnu.org; Mon, 28 Sep 2009 15:53:46 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MsMI5-0001Up-7m for qemu-devel@nongnu.org; Mon, 28 Sep 2009 15:53:46 -0400 Received: from [199.232.76.173] (port=54513 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MsMI5-0001Ug-4W for qemu-devel@nongnu.org; Mon, 28 Sep 2009 15:53:45 -0400 Received: from b.jim.sh ([75.150.123.26]:59532 helo=psychosis.jim.sh) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MsMI4-0004VU-Ob for qemu-devel@nongnu.org; Mon, 28 Sep 2009 15:53:44 -0400 Received: from psychosis.jim.sh (localhost [127.0.0.1]) by psychosis.jim.sh (8.14.3/8.14.3/Debian-5) with ESMTP id n8SJrgui016633 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Mon, 28 Sep 2009 15:53:42 -0400 Received: (from jim@localhost) by psychosis.jim.sh (8.14.3/8.14.3/Submit) id n8SJrf5x016632 for qemu-devel@nongnu.org; Mon, 28 Sep 2009 15:53:41 -0400 Date: Mon, 28 Sep 2009 15:53:41 -0400 From: Jim Paris Message-ID: <20090928195341.GA16533@psychosis.jim.sh> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Sender: jim@jim.sh Subject: [Qemu-devel] usb-linux buffer overflow List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Hi, I sent a patch a couple times that seems to have finally made it to: http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=c4c0e236beabb9de5ff472f77aeb811ec5484615 but it's missing from 0.11.0. Can it be applied there (and any other maintained branches) too? It's important for functionality and it's also a security hole: a rogue USB device can potentially execute code in the qemu host process. -jim