Summary: | <app-emulation/qemu-4.2.0-r3: Buffer overflow in hw/net/tulip.c (CVE-2020-11102) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | filip ambroz <filip.ambroz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | tamiko, virtualization |
Priority: | Normal | Flags: | nattka:
sanity-check-
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=717154 https://bugs.gentoo.org/show_bug.cgi?id=717770 |
||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
app-emulation/qemu-4.2.0-r3
|
Runtime testing required: | --- |
Bug Depends on: | 717176 | ||
Bug Blocks: |
Description
filip ambroz
2020-04-07 06:52:48 UTC
Thanks for this, I saw it and had it open to report. Not sure what happened there... @maintainer(s), please create an appropriate ebuild. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ba2de3e653a5476467ef25d3389118f49d3f9ac commit 5ba2de3e653a5476467ef25d3389118f49d3f9ac Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2020-04-08 18:50:34 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2020-04-08 18:51:16 +0000 app-emulation/qemu: fix buffer overflow, CVE-2020-11102 Bug: https://bugs.gentoo.org/716518 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Matthias Maier <tamiko@gentoo.org> .../qemu/files/qemu-4.2.0-CVE-2020-11102.patch | 144 ++++ app-emulation/qemu/qemu-4.2.0-r3.ebuild | 835 +++++++++++++++++++++ 2 files changed, 979 insertions(+) This is an automatic message. @maintainer(s): I'm getting test-failure(s) (that were already reported) on amd64. If you want the package to pass my CI environment and got stabilized, please carry out the necessary operations to make sure that src_test() won't fail. Thanks. Unable to check for sanity:
> no match for package: app-emulation/qemu-4.2.0-r3
This issue was resolved and addressed in GLSA 202005-02 at https://security.gentoo.org/glsa/202005-02 by GLSA coordinator Thomas Deutschmann (whissi). |