Summary: | <app-emulation/qemu-3.1.0-r1: Out-of-bounds read in hw/i2c/i2c-ddc.c allows for memory disclosure (CVE-2019-3812) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Fadi Abu Sneineh <fadi+gentoo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | virtualization |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://seclists.org/oss-sec/2019/q1/138 | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: | app-emulation/qemu-3.1.0-r1 | ||
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 678336 |
Description
Fadi Abu Sneineh
2019-02-18 16:26:57 UTC
Freeing alias to create a tracker bug.

UnCC'ing tamiko who is part of virtualization project.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5d70adc0520a858f4da5cd0d1161e91140f5347

commit c5d70adc0520a858f4da5cd0d1161e91140f5347
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2019-02-19 00:16:24 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2019-02-19 00:19:03 +0000

    app-emulation/qemu: fix vulnerability, bug #678302

    Take over commit

      From b05b267840515730dbf6753495d5b7bd8b04ad1c Mon Sep 17 00:00:00 2001
      From: Gerd Hoffmann <kraxel@redhat.com>
      Date: Tue, 8 Jan 2019 11:23:01 +0100
      Subject: [PATCH] i2c-ddc: fix oob read

    Bug: https://bugs.gentoo.org/678302
    Package-Manager: Portage-2.3.60, Repoman-2.3.12
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 .../qemu/files/qemu-3.1.0-CVE-2019-3812.patch | 33 +
 app-emulation/qemu/qemu-3.1.0-r1.ebuild | 810 +++++++++++++++++++++
 2 files changed, 843 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e67fc2d360f6924368ffdf10519f47bb35e16ab

commit 1e67fc2d360f6924368ffdf10519f47bb35e16ab
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2019-02-19 00:11:46 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2019-02-19 00:19:02 +0000

    app-emulation/qemu: drop vulnerable, bug #678302

    Bug: https://bugs.gentoo.org/672346
    Bug: https://bugs.gentoo.org/673108
    Bug: https://bugs.gentoo.org/678302
    Package-Manager: Portage-2.3.60, Repoman-2.3.12
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 app-emulation/qemu/Manifest | 2 -
 app-emulation/qemu/metadata.xml | 2 -
 app-emulation/qemu/qemu-2.12.1.ebuild | 818 ----------------------------------
 3 files changed, 822 deletions(-)

amd64 x86 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f1a446709c5018eaa8f0cd6a0238b43a1262c17b

commit f1a446709c5018eaa8f0cd6a0238b43a1262c17b
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2019-02-19 18:29:40 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2019-02-19 18:33:41 +0000

    app-emulation/qemu: drop vulnerable, bug #678302

    Bug: https://bugs.gentoo.org/678302
    Package-Manager: Portage-2.3.60, Repoman-2.3.12
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 app-emulation/qemu/qemu-3.1.0.ebuild | 809 -----------------------------------
 1 file changed, 809 deletions(-)