qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 0/1] multiboot.c: Document as fixed against CVE-2018


From: Jack Schwartz
Subject: [Qemu-devel] [PATCH 0/1] multiboot.c: Document as fixed against CVE-2018-7550
Date: Wed, 21 Mar 2018 13:53:46 -0700

Some changes were delivered a few weeks ago that fixed CVE-2018-7550
before that CVE was created.  Changeset:
    2a8fcd119eb7 ("multiboot: bss_end_addr can be zero")

Shortly after that delivery, a different changeset claimed in its commit
message to fix that CVE, but it really fixed a different one.  Changeset:
    7cdc61becd09 ("vga: fix region calculation")
PJP says the proper CVE is CVE-2018-7858
https://bugzilla.redhat.com/show_bug.cgi?id=1553402

Not sure what the proper protocol is for getting this all straightened
out, but I would like to help since I delivered the multiboot changes.

This patch set contains an empty patch with a commit message to document
the multiboot changes.  Please add it to the repo as you see fit, or let
me know if you need something else from me to resolve this differently.

Note that unless the vga CVE is explained/corrected, people may get
confused when they see different fixes associated with the same CVE.

        Thanks,
        Jack

Jack Schwartz (1):
  multiboot.c: Document as fixed against CVE-2018-7550

-- 
1.8.3.1




reply via email to

[Prev in Thread] Current Thread [Next in Thread]