Summary: | <app-emulation/xen-tools-4.5.1-r3: Use after free in QEMU/Xen block unplug protocol and QEMU leak of uninitialized heap memory in rtl8139 device model (XSA-{139,140}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ago, cardoe, dlan |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Kristian Fiskerstrand (RETIRED)
2015-07-30 09:16:25 UTC
patches have been sent to dlan by mail.

This affects qemu as well, cardoe, please confirm that you have read and understood the deployment during embargo and security policies.

(In reply to Kristian Fiskerstrand from comment #1)
> patches have been sent to dlan by mail.
>
> This affects qemu as well, cardoe, please confirm that you have read and
> understood the deployment during embargo and security policies.

... if you want me to send you the patches by email, that is

(In reply to Kristian Fiskerstrand from comment #1)
> patches have been sent to dlan by mail.
>
> This affects qemu as well, cardoe, please confirm that you have read and
> understood the deployment during embargo and security policies.

ACK. I agree to them and understand them.

Issue is now public

qemu-2.3.0-r5 is in the tree

note: we should also stabilize qemu-guest-agent-2.3.0 too to keep in sync

+*xen-tools-4.5.1-r3 (05 Aug 2015)
+*xen-tools-4.2.5-r10 (05 Aug 2015)
+
+ 05 Aug 2015; Yixun Lan <dlan@gentoo.org> +xen-tools-4.2.5-r10.ebuild,
+ +xen-tools-4.5.1-r3.ebuild:
+ security bump, bug 556304, fix XSA139,140

Arches, please test and mark stable:

=app-emulation/xen-tools-4.2.5-r10
Target keywords Both : "amd64 x86"

=app-emulation/xen-tools-4.5.1-r3
Target keywords Only: "amd64"

Marked stable.

Added to existing glsa draft

+ 06 Aug 2015; Yixun Lan <dlan@gentoo.org> -xen-tools-4.2.5-r9.ebuild,
+ -xen-tools-4.5.1-r2.ebuild:
+ cleanup old vulnerable versions, bug 556304

Added to existing GLSA.

This issue was resolved and addressed in GLSA 201604-03 at https://security.gentoo.org/glsa/201604-03 by GLSA coordinator Yury German (BlueKnight).