Summary: | <app-emulation/xen-tools-4.7.1-r8: qemu: display: cirrus_bitblt_cputovideo does not check if memory region is safe (XSA-209,CVE-2017-2620) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | alexxy, cardoe, dlan |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://xenbits.xen.org/xsa/advisory-209.html | ||
Whiteboard: | B1 [glsa cve] | ||
Package list: | =app-emulation/xen-tools-4.7.1-r8 |
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 609202 |
Description
Thomas Deutschmann (RETIRED)
2017-02-12 15:26:31 UTC
Freeing alias for tracker usage.

$URL is now public.

@ Maintainer(s): Please proceed!

commit 68032806896565d2cdc7338c02092c2ee1a5fc3b
Author: Yixun Lan <dlan@gentoo.org>
Date: Wed Feb 22 17:07:11 2017 +0800

app-emulation/xen-tools: fix XSA-209
cirrus_bitblt_cputovideo does not check if memory region is safe

Gentoo-Bug: 609120
Package-Manager: Portage-2.3.3, Repoman-2.3.1

:100644 100644 6a15a234a9... a907077345... M app-emulation/xen-tools/Manifest
:000000 100644 0000000000... 726e0e7094... A app-emulation/xen-tools/xen-tools-4.7.1-r7.ebuild
:000000 100644 0000000000... f87e05ba01... A app-emulation/xen-tools/xen-tools-4.8.0-r3.ebuild

Arches, please test and mark stable:

=app-emulation/xen-tools-4.7.1-r7
Target keywords: "amd64 x86"

(In reply to Yixun Lan from comment #4)
> Arches, please test and mark stable:
>
> =app-emulation/xen-tools-4.7.1-r7
> Target keywords: "amd64 x86"

Had a problem with 4.7.1-r7: the XSA-209 qemuu.patch actually depends on a previous patch, so that one is pulled in too.

Please stable:
=app-emulation/xen-tools-4.7.1-r8
Target keywords: "amd64 x86"

amd64 stable

x86 stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.

Arches and Maintainer(s), thank you for your work.

New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).

This issue was resolved and addressed in GLSA 201703-07 at https://security.gentoo.org/glsa/201703-07 by GLSA coordinator Yury German (BlueKnight).