Summary: | <app-emulation/xen-tools-{4.5.2-r1,4.6.0-r3}: heap buffer overflow vulnerability in pcnet emulator XSA-162 (CVE-2015-7504) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Yury German <blueknight> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | dlan, idella4 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | | Runtime testing required: | --- |
Description
Yury German
2015-11-25 17:30:57 UTC
Patches have been sent to developer as per agreement with xen maintainers.

UPDATES IN VERSION 2
====================

Public release.

Correct cut and paste reference to bootloaders in "DEPLOYMENT DURING EMBARGO" section, which should have instead referred to the configuration changes.

commit 67f629f0a52e81af499dc1cb5ed4a9dc79af791e
Author: Ian Delaney <idella4@gentoo.org>
Date: Tue Dec 1 00:00:33 2015 +0800

app-emulation/xen-tools: revbumps vns. 4.5.2-r1, 4.6.0-r3 security patches (2) added from XSA-162, initially set as embargoed security patches, publicly released today wrt the gentoo bug

Gentoo bug: #566838

amd64 stable.

Maintainer(s), please cleanup.

Security, please vote.

Added to an existing GLSA Request.

Maintainer(s), please drop the vulnerable version(s).

Actually this pair of patches pertains only to xen-tools, not to package xen. Patches added to xen-tools-4.5.2-r1.ebuild & xen-tools-4.6.0-r3.ebuild making xen-tools-4.5.2.ebuild, xen-tools-4.6.0-r2.ebuild the vulnerable versions.

commit 2e385225eec30f5fbb7703c01cd862653e07143d
Author: Ian Delaney <idella4@gentoo.org>
Date: Thu Dec 3 21:53:32 2015 +0800

app-emulation/xen-tools: clean vulnerable versions wrt security bug #566838

Gentoo bug : #566838

Arches and Maintainer(s), Thank you for your work.

This issue was resolved and addressed in GLSA 201604-03 at https://security.gentoo.org/glsa/201604-03 by GLSA coordinator Yury German (BlueKnight).