Summary: | <app-emulation/qemu-2.10.1: cirrus: OOB access issue in mode4and5 write functions | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | qemu+disabled |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1501290 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
=app-emulation/qemu-2.10.1
=sys-apps/dtc-1.4.4
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 630432, 633822 |
Description
Agostino Sarubbo
2017-10-13 07:59:01 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23224f9e55bfc2ec41c8a8906a44e60791de07b5 commit 23224f9e55bfc2ec41c8a8906a44e60791de07b5 Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2017-11-12 20:10:34 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2017-11-12 20:22:03 +0000 app-emulation/qemu: Version bump to 2.10.1, various security fixes Bug: https://bugs.gentoo.org/630432 Bug: https://bugs.gentoo.org/633822 Bug: https://bugs.gentoo.org/634070 Bug: https://bugs.gentoo.org/634148 Package-Manager: Portage-2.3.8, Repoman-2.3.4 app-emulation/qemu/Manifest | 1 + .../qemu/files/qemu-2.10.0-CVE-2017-13711.patch | 80 --- .../qemu/files/qemu-2.10.1-CVE-2017-15268.patch | 54 ++ .../qemu/files/qemu-2.10.1-CVE-2017-15289.patch | 58 ++ app-emulation/qemu/qemu-2.10.1.ebuild | 796 +++++++++++++++++++++ 5 files changed, 909 insertions(+), 80 deletions(-)} Arches, please stabilize =app-emulation/qemu-2.10.1 Target keywords: amd64 x86 An automated check of this bug failed - repoman reported dependency errors (41 lines truncated):
> dependency.bad app-emulation/qemu/qemu-2.10.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=sys-apps/dtc-1.4.2', '>=sys-apps/dtc-1.4.2[static-libs(+)]']
> dependency.bad app-emulation/qemu/qemu-2.10.1.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['>=sys-apps/dtc-1.4.2']
> dependency.bad app-emulation/qemu/qemu-2.10.1.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop) ['>=sys-apps/dtc-1.4.2', '>=sys-apps/dtc-1.4.2[static-libs(+)]']
x86 stable Stable on amd64 Tree clean. commit ad6a584de881ebd244ba176a408e61704a8a6b21 (HEAD -> master, origin/master, origin/HEAD) Author: Matthias Maier <tamiko@gentoo.org> Date: Tue Nov 14 18:21:36 2017 -0600 app-emulation/qemu: drop vulnerable (bug #634148) Package-Manager: Portage-2.3.13, Repoman-2.3.4 Thank you. GLSA Vote: No |