Summary: | <app-emulation/qemu-2.8.0: display: virtio-gpu-3d: OOB access while reading virgl capabilities (CVE-2016-10028) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | qemu+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html | ||
See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1406367 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 601824, 604010 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2016-12-22 09:09:43 UTC
i've added it to our 2.8.0 ebuild Stabilization will be happen as part of bug 601824. New GLSA request filed. No ACE/RCE, downgraded to B3. This issue was resolved and addressed in GLSA 201701-49 at https://security.gentoo.org/glsa/201701-49 by GLSA coordinator Aaron Bauman (b-man). Re-opened for cleanup. Vulnerable versions removed, please close. commit cd0007ee8270ccd2773604782ddcc4b67fa3a103 Author: Matthias Maier <tamiko@gentoo.org> Date: Sun Feb 12 22:08:18 2017 -0600 app-emulation/qemu: drop old versions 2.7.0, 2.7.1 Package-Manager: Portage-2.3.3, Repoman-2.3.1 All done, repository is clean. |