Summary: | <app-emulation/qemu-kvm-1.0-r3 : Denial of Service vulnerability (CVE-2011-2512) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | qemu+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://patchwork.ozlabs.org/patch/94604/ | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 407345, 407357, 408977 | ||
Bug Blocks: | 400595 |
Description
Tim Sammut (RETIRED)
2011-07-04 05:56:44 UTC
This patch is included in qemu-kvm-1.0. Added to pending GLSA request. stabilization target: app-emulation/qemu-kvm-1.0-r3 target keywords: amd64 x86 USE="spice" yields the following: The following keyword changes are necessary to proceed: #required by app-emulation/spice-0.10.1[smartcard], required by app-emulation/qemu-kvm-1.0-r3[spice], required by =app-emulation/qemu-kvm-1.0-r3 (argument) =app-emulation/libcacard-0.1.2 ~amd64 #required by app-emulation/libcacard-0.1.2, required by app-emulation/spice-0.10.1[smartcard], required by app-emulation/qemu-kvm-1.0-r3[spice], required by =app-emulation/qemu-kvm-1.0-r3 (argument) =sys-apps/pcsc-lite-1.8.2 ~amd64 still going amd64 ok (In reply to comment #4) > USE="spice" yields the following: > The following keyword changes are necessary to proceed: > #required by app-emulation/spice-0.10.1[smartcard], required by > app-emulation/qemu-kvm-1.0-r3[spice], required by > =app-emulation/qemu-kvm-1.0-r3 (argument) > > =app-emulation/libcacard-0.1.2 ~amd64 > > #required by app-emulation/libcacard-0.1.2, required by > app-emulation/spice-0.10.1[smartcard], required by > app-emulation/qemu-kvm-1.0-r3[spice], required by > =app-emulation/qemu-kvm-1.0-r3 (argument) > > =sys-apps/pcsc-lite-1.8.2 ~amd64 > > still going If you follow the depend chain, I requested app-emulation/spice-0.10.0 to be stable in bug #407357. It does not have any depends on smart card bits or libs. I apologize. It appears it was updated to say 0.10.1 but we only need 0.10.0. amd64 stable Sorry for the bugspam, but qemu-kvm-1.0* does not work out of the box (with libvirt). bug 408977 @x86 you probably will continue in bug 411501. Feel free to stabilize it in the meantime (In reply to comment #10) > @x86 > > you probably will continue in bug 411501. Feel free to stabilize it in the > meantime My bad, that bug is invalid, please continue. Apologize for mailspam x86 stable This issue was resolved and addressed in GLSA 201210-04 at http://security.gentoo.org/glsa/glsa-201210-04.xml by GLSA coordinator Stefan Behte (craig). |