Summary: | <app-emulation/qemu-2.8.0: usb: redirector: memory leakage when destroying redirector (CVE-2016-9907) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | qemu+disabled |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html | ||
Whiteboard: | B4 [glsa cve cleanup] | ||
Package list: |
=app-emulation/qemu-2.8.0 amd64 x86
=sys-firmware/seabios-1.10.1 amd64 x86
|
Runtime testing required: | --- |
Bug Depends on: | 604010 | ||
Bug Blocks: | 598330, 601450, 601826, 601830, 601832, 602626, 602628, 602630, 602632, 602634, 603444 |
Description
Agostino Sarubbo
2016-12-06 16:14:33 UTC
this is in the 2.8.0 release @ Maintainer(s): Can we start stabilization of =app-emulation/qemu-2.8.0? (In reply to Thomas Deutschmann from comment #2) give it like two weeks and we can move forward if there are no reported bugs More than two weeks later, no new bugs (only bugs regarding unneeded deps which are now resolved), so let's start stabilization. @ Arches, please test and mark stable: =app-emulation/qemu-2.8.0 An automated check of this bug failed - repoman reported dependency errors (49 lines truncated):
> dependency.bad app-emulation/qemu/qemu-2.8.0.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['~sys-firmware/seabios-1.10.1']
> dependency.bad app-emulation/qemu/qemu-2.8.0.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['~sys-firmware/seabios-1.10.1']
> dependency.bad app-emulation/qemu/qemu-2.8.0.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['~sys-firmware/seabios-1.10.1']
An automated check of this bug succeeded - the previous repoman errors are now resolved. amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. Added to an existing GLSA request. @ Maintainer(s): Please cleanup and drop <app-emulation/qemu-2.8.0! This issue was resolved and addressed in GLSA 201701-49 at https://security.gentoo.org/glsa/201701-49 by GLSA coordinator Aaron Bauman (b-man). |