Summary: | app-emulation/bochs DoS and heap overflow (CVE 2007-28{93,94}) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Matt Fleming (RETIRED) <mjf>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | major | CC: | carenas, lu_zero
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | B1 [glsa] | |
Package list: | | Runtime testing required: | ---
Description
Matt Fleming (RETIRED)
CC'ing maintainer and setting whiteboard status.

Debian seems to have fixed this with DSA 1351-1.

Fedora also published a fix which links to the following already closed (in CVS) upstream bug report: http://sourceforge.net/tracker/?func=detail&atid=112580&aid=1729822&group_id=12580

Fedora's CVS contains patches for both bugs that apply to 2.3 in: http://cvs.fedoraproject.org/viewcvs/devel/bochs/

Created attachment 129950 [details, diff]
fix for CVE-2007-2893 from CVS
Reconstructed from CVS with information from Fedora package.
Tested in bochs-2.3 for amd64

Created attachment 129952 [details, diff]
fix for CVE-2007-2894 from CVS
Reconstructed from CVS with information from Fedora package.
Tested in bochs-2.3 for amd64

lu_zero please advise.

bochs-2.3 doesn't build for me and I'm tempted to remove it since qemu covers the needs in a simpler and faster way. I'll try to come up either with a snapshot that builds or using the patches on the previous version.

Spent more time on bochs-2.3 and eventually sorted my, seems to be, local issue. Ebuild committed as ~arch

Arches please stabilise app-emulation/bochs-2.3

lu_zero did ppc and x86 has been stabled by me

alpha stable

amd64 stable

Please file GLSA request

(In reply to comment #13)
> Please file GLSA request

done.

GLSA 200711-21