Summary: | <app-emulation/qemu-2.9.0-r55: slirp: out-of-bounds read while parsing dhcp options | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | Flags: | stable-bot:
sanity-check+
|
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1472611 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
=app-emulation/qemu-2.9.0-r56
=sys-firmware/edk2-ovmf-2017_pre20170505
=sys-firmware/seabios-1.10.2
|
Runtime testing required: | No |
Bug Depends on: | |||
Bug Blocks: | 621184, 621292, 623016, 624088, 625390 |
Description
Agostino Sarubbo
2017-07-19 09:27:24 UTC
commit e67f10960bca69fdede54d77eb54c4ab72b98d08 Author: Matthias Maier <tamiko@gentoo.org> Date: Wed Jul 26 12:10:46 2017 -0500 app-emulation/qemu: security fixes CVE-2017-11334, bug #621292 CVE-2017-11434, bug #625614 CVE-2017-9503, bug #621184 CVE-2017-9524, bug #621292 Package-Manager: Portage-2.3.6, Repoman-2.3.3 @arches, please stabilize. An automated check of this bug failed - repoman reported dependency errors (41 lines truncated):
> dependency.bad app-emulation/qemu/qemu-2.9.0-r56.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['~sys-firmware/edk2-ovmf-2017_pre20170505[binary]', '~sys-firmware/seabios-1.10.2[binary,seavgabios]', 'sys-firmware/edk2-ovmf', '>=sys-firmware/seabios-1.10.2[seavgabios]']
> dependency.bad app-emulation/qemu/qemu-2.9.0-r56.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['~sys-firmware/edk2-ovmf-2017_pre20170505[binary]', '~sys-firmware/seabios-1.10.2[binary,seavgabios]', 'sys-firmware/edk2-ovmf', '>=sys-firmware/seabios-1.10.2[seavgabios]']
> dependency.bad app-emulation/qemu/qemu-2.9.0-r56.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['~sys-firmware/edk2-ovmf-2017_pre20170505[binary]', '~sys-firmware/seabios-1.10.2[binary,seavgabios]', 'sys-firmware/edk2-ovmf', '>=sys-firmware/seabios-1.10.2[seavgabios]']
Updated package list. An automated check of this bug succeeded - the previous repoman errors are now resolved. (In reply to Matthias Maier from comment #4) > Updated package list. thanks. commit 64084b9d4552b611da76774bedf98f180067f43d (HEAD -> master, origin/master, origin/HEAD) Author: Matthias Maier <tamiko@gentoo.org> Date: Thu Aug 31 20:09:04 2017 -0500 app-emulation/qemu: drop vulnerable 2.9.0-r2, bug #625614 Package-Manager: Portage-2.3.6, Repoman-2.3.3 commit bf14d3508d91a707aa4615c5a2d7940fc94b1f5a Author: Matthias Maier <tamiko@gentoo.org> Date: Thu Aug 31 20:07:37 2017 -0500 app-emulation/qemu: stabilize on amd64, x86, bug #625614 Package-Manager: Portage-2.3.6, Repoman-2.3.3 commit 076cda37021c624dff310d7b26ada9a47e51fe3e Author: Matthias Maier <tamiko@gentoo.org> Date: Thu Aug 31 20:06:08 2017 -0500 sys-firmware/seabios: stabilize on amd64, x86, bug #625614 Package-Manager: Portage-2.3.6, Repoman-2.3.3 commit edfe027b092f6558fa96ff761c91547fd2d5a7a9 Author: Matthias Maier <tamiko@gentoo.org> Date: Thu Aug 31 20:04:00 2017 -0500 sys-firmware/edk2-ovmf: stabilize on amd64, x86, bug #625614 Package-Manager: Portage-2.3.6, Repoman-2.3.3 @Arches please test and mark stable. Gentoo Security Padawan ChrisADR already stabilized by tamiko. GLSA Vote: No |