Summary: | <app-emulation/qemu-0.9.1: TranslationBlock (code_gen_buffer) buffer overwrite (CVE-2007-6227) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ismail, lu_zero |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.nabble.com/-security-bug-code_gen_buffer-can-be-overflowed-tf4886083.html#a13985284 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2007-12-05 23:17:59 UTC
resolution for this issue is still in discussion upstream. cc'ing maintainer. Any news here? 0.9.1 doesn't mention the fix in the changelog, otoh the last reply in the thread in $URL seems to contain a patch... maintainer, please advise. (In reply to comment #2) > Any news here? 0.9.1 doesn't mention the fix in the changelog, otoh the last > reply in the thread in $URL seems to contain a patch... maintainer, please > advise. > *ping* 0.10 in portage already Yes, but did it fix this? According to upstream's commit, 0.9.1 fixed this. That was 7 MAJOR versions ago so I have no idea when it was fixed in the tree. 6 years old and fixed in the tree 4 years ago. Can we get this wrapped up? This issue was resolved and addressed in GLSA 201408-17 at http://security.gentoo.org/glsa/glsa-201408-17.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |