Summary: | <app-emulation/qemu-2.1.2-r2: vmware_vga: insufficient parameter validation in rectangle functions (CVE-2014-3689) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | cardoe, qemu+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://git.qemu.org/?p=qemu.git;a=commit;h=83afa38eb20ca27e30683edc7729880e091387fc | ||
See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1153038 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-11-11 13:52:20 UTC
there's a few CLs that went in ... not sure how many matter here. then again, qemu-2.2.0 is in the pipeline (already have rc's out), so would be easier to wait for that. i don't think this is a critical bug as i'm not sure the vmware vga driver is commonly used. *qemu-2.1.2-r2 (14 Dec 2014) 14 Dec 2014; Matthias Maier <tamiko@gentoo.org> +qemu-2.1.2-r2.ebuild: backport fixes for bugs #530498, #531666 (CVE-2014-8106), #529030 (CVE-2014-7840), #528922 (528922) *qemu-2.2.0 (14 Dec 2014) 14 Dec 2014; Matthias Maier <tamiko@gentoo.org> +qemu-2.2.0.ebuild, metadata.xml: version bump; cleanup whitespace in metadata.xml Vulnerable version left in tree: 2.1.2-r1 Unaffected: 2.1.2-r2, 2.2.0 Stabilization for 2.1.2-r2 on bug #531666 Security, please vote. Kristian Fiskerstrand gentoo-dev Security 2014-12-21 10:53:53 EST - in Bug 53166 GLSA Vote: Yes along with bug 528922 and bug 529030 Maintainer(s), Thank you for cleanup! GLSA Vote: Yes Added to an existing GLSA request. This issue was resolved and addressed in GLSA 201412-37 at http://security.gentoo.org/glsa/glsa-201412-37.xml by GLSA coordinator Yury German (BlueKnight). This issue was resolved and addressed in GLSA 201412-37 at http://security.gentoo.org/glsa/glsa-201412-37.xml by GLSA coordinator Yury German (BlueKnight). |