| Summary: | <app-emulation/qemu-2.10.0: Qemu: ide: flushing of empty CDROM drives leads to NULL dereference (CVE-2017-12809) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | qemu+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://seclists.org/oss-sec/2017/q3/332 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 629350 | | |
| Bug Blocks: | | | |

Description
D'juan McDonald (domhnall)
2017-08-21 12:33:40 UTC
@Maintainer(s): Please follow procedure to close this report. Thank you.

Daj'Uan (mbailey_j)
Gentoo Security Scout

Source: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01841.html
Patch 1/4: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html
Patch 2/4: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01580.html
Patch 3/4: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01581.html
Patch 4/4: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01582.html

@maintainer(s), if possible please test, then follow procedure to stabilize and close on report. Thank you!

Daj'Uan (mbailey_j)
Gentoo Security Scout

Patches 1 and 2 are applied upstream in version 2.10.0.
Patches 3 and 4 are rejected upstream and a related fix is in progress.

I believe the immediate problem with CVE-2017-12809 is resolved by patches 1 + 2.