[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL v2 0/2] vnc: fix websocket security issues (cve-2015-
From: |
Gerd Hoffmann |
Subject: |
[Qemu-devel] [PULL v2 0/2] vnc: fix websocket security issues (cve-2015-1779). |
Date: |
Wed, 1 Apr 2015 17:16:42 +0200 |
Hi,
$subject says all, here are the cve-2015-1779 fixes for vnc websockets
from Daniel P. Berrange for 2.3-rc2.
v2 fixes the 32bit build failure.
please pull,
Gerd
The following changes since commit b8a86c4ac4d04c106ba38fbd707041cba334a155:
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
(2015-04-01 11:31:31 +0100)
are available in the git repository at:
git://git.kraxel.org/qemu tags/pull-cve-2015-1779-20150401-2
for you to fetch changes up to 2cdb5e142fb93e875fa53c52864ef5eb8d5d8b41:
CVE-2015-1779: limit size of HTTP headers from websockets clients (2015-04-01
17:12:55 +0200)
----------------------------------------------------------------
vnc: fix websocket security issues (cve-2015-1779).
----------------------------------------------------------------
Daniel P. Berrange (2):
CVE-2015-1779: incrementally decode websocket frames
CVE-2015-1779: limit size of HTTP headers from websockets clients
ui/vnc-ws.c | 115 +++++++++++++++++++++++++++++++++++++++++-------------------
ui/vnc-ws.h | 9 +++--
ui/vnc.h | 2 ++
3 files changed, 88 insertions(+), 38 deletions(-)
- [Qemu-devel] [PULL v2 0/2] vnc: fix websocket security issues (cve-2015-1779).,
Gerd Hoffmann <=