Summary: | <app-emulation/qemu-3.1.0: pvrdma: memory leakage in device hotplug | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | tamiko |
Priority: | Low | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://seclists.org/oss-sec/2018/q4/235 | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: |
app-emulation/qemu-3.1.0
app-emulation/qemu-guest-agent-3.1.0
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 664740, 672346 |
Description
D'juan McDonald (domhnall)
2018-12-14 04:24:33 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40e4d2a3c32609b313962224ee9d2a96075734b8 commit 40e4d2a3c32609b313962224ee9d2a96075734b8 Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2018-12-19 21:11:21 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2018-12-19 21:46:41 +0000 app-emulation/qemu: version bump to 3.1.0 - use RESTRICT=strip, bug #651422 - switch to tar.xz, bug #666726 - add missing use constraints, bug #664474 qemu_softmmu_targets_riscv32? ( fdt ) qemu_softmmu_targets_riscv64? ( fdt ) - 3.1.0 already contains patches for CVE-2018-15746 - applied patch for CVE-2018-20123 - disable bt subsystem entirely as a "workaround" for CVE-2018-19665. Upstream deprecated the subsystem in November and states that it had been dysfunctional for years with likely no users. Bug: https://bugs.gentoo.org/664740 Bug: https://bugs.gentoo.org/672346 Bug: https://bugs.gentoo.org/673108 Closes: https://bugs.gentoo.org/651422 Closes: https://bugs.gentoo.org/664474 Closes: https://bugs.gentoo.org/666726 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Matthias Maier <tamiko@gentoo.org> app-emulation/qemu/Manifest | 1 + .../qemu/files/qemu-3.1.0-CVE-2018-20123.patch | 35 + app-emulation/qemu/files/qemu-binfmt.initd.head | 2 +- app-emulation/qemu/qemu-2.12.0-r3.ebuild | 2 +- app-emulation/qemu/qemu-2.12.1.ebuild | 2 +- app-emulation/qemu/qemu-3.1.0.ebuild | 821 +++++++++++++++++++++ 6 files changed, 860 insertions(+), 3 deletions(-) Arches, please stabilize =app-emulation/qemu-3.1.0 =app-emulation/qemu-guest-agent-3.1.0 Target-keywords: amd64, x86 amd64 stable x86 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e67fc2d360f6924368ffdf10519f47bb35e16ab commit 1e67fc2d360f6924368ffdf10519f47bb35e16ab Author: Matthias Maier <tamiko@gentoo.org> AuthorDate: 2019-02-19 00:11:46 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2019-02-19 00:19:02 +0000 app-emulation/qemu: drop vulnerable, bug #678302 Bug: https://bugs.gentoo.org/672346 Bug: https://bugs.gentoo.org/673108 Bug: https://bugs.gentoo.org/678302 Package-Manager: Portage-2.3.60, Repoman-2.3.12 Signed-off-by: Matthias Maier <tamiko@gentoo.org> app-emulation/qemu/Manifest | 2 - app-emulation/qemu/metadata.xml | 2 - app-emulation/qemu/qemu-2.12.1.ebuild | 818 ---------------------------------- 3 files changed, 822 deletions(-) GLSA Vote: No Thank you all for you work. Closing as [noglsa]. |