[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [CVE-2014-3615 PULL 0/3] vbe: bochs dispi interface fix
From: |
Peter Maydell |
Subject: |
Re: [Qemu-devel] [CVE-2014-3615 PULL 0/3] vbe: bochs dispi interface fixes |
Date: |
Fri, 5 Sep 2014 13:55:40 +0100 |
On 5 September 2014 12:21, Gerd Hoffmann <address@hidden> wrote:
> Hi,
>
> So, as announced yesterday, here comes the CVE-2014-3615 pull request.
>
> please pull,
> Gerd
>
> The following changes since commit 30eaca3acdf17d7bcbd1213eb149c02037edfb0b:
>
> Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20140902-1'
> into staging (2014-09-02 10:26:10 +0100)
>
> are available in the git repository at:
>
>
> git://git.kraxel.org/qemu tags/pull-cve-2014-3615-20140905-1
>
> for you to fetch changes up to ab9509cceabef28071e41bdfa073083859c949a7:
>
> spice: make sure we don't overflow ssd->buf (2014-09-05 12:19:50 +0200)
>
> ----------------------------------------------------------------
> CVE-2014-3615: fix sanity checks in vbe (bochs dispi) and spice.
>
> ----------------------------------------------------------------
> Gerd Hoffmann (3):
> vbe: make bochs dispi interface return the correct memory size with qxl
> vbe: rework sanity checks
> spice: make sure we don't overflow ssd->buf
Applied, thanks.
-- PMM