[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 0/4] Block layer patches (CVE-2024-4467)
From: |
Kevin Wolf |
Subject: |
[PULL 0/4] Block layer patches (CVE-2024-4467) |
Date: |
Tue, 2 Jul 2024 18:39:39 +0200 |
The following changes since commit c80a339587fe4148292c260716482dd2f86d4476:
Merge tag 'pull-target-arm-20240701' of
https://git.linaro.org/people/pmaydell/qemu-arm into staging (2024-07-01
10:41:45 -0700)
are available in the Git repository at:
https://repo.or.cz/qemu/kevin.git tags/for-upstream
for you to fetch changes up to 7ead946998610657d38d1a505d5f25300d4ca613:
block: Parse filenames only when explicitly requested (2024-07-02 18:12:30
+0200)
----------------------------------------------------------------
Block layer patches (CVE-2024-4467)
- Don't open qcow2 data files in 'qemu-img info'
- Disallow protocol prefixes for qcow2 data files, VMDK extent files and
other child nodes that are neither 'file' nor 'backing'
----------------------------------------------------------------
Kevin Wolf (4):
qcow2: Don't open data_file with BDRV_O_NO_IO
iotests/244: Don't store data-file with protocol in image
iotests/270: Don't store data-file with json: prefix in image
block: Parse filenames only when explicitly requested
block.c | 90 +++++++++++++++++++++++++++++-----------------
block/qcow2.c | 17 ++++++++-
tests/qemu-iotests/061 | 6 ++--
tests/qemu-iotests/061.out | 8 +++--
tests/qemu-iotests/244 | 19 ++++++++--
tests/qemu-iotests/270 | 14 ++++++--
6 files changed, 110 insertions(+), 44 deletions(-)