Summary: | <app-emulation/qemu-4.2.0-r6: Integer overflow in ati_2d_blt() in hw/display/ati-2d.c (CVE-2020-11869) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | slyfox, tamiko, virtualization |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
app-emulation/qemu-4.2.0-r6 amd64 x86
|
Runtime testing required: | --- |
Description
Sam James
2020-04-24 17:57:04 UTC
@maintainer(s), please apply the provided patch The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5295c1235bc8f39e9b30c6c1671611f8602e969 commit e5295c1235bc8f39e9b30c6c1671611f8602e969 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2020-04-24 19:59:21 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2020-04-24 19:59:37 +0000 app-emulation/qemu: fix int overflow in ati-2d, bug #719266 Direct backport of upstream ac2071c3791b67fc7af78b8ceb "ati-vga: Fix checks in ati_2d_blt() to avoid crash" Bug: https://bugs.gentoo.org/719266 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> .../qemu/files/qemu-4.2.0-ati-vga-crash.patch | 94 +++ app-emulation/qemu/qemu-4.2.0-r6.ebuild | 834 +++++++++++++++++++++ 2 files changed, 928 insertions(+) @maintainer(s), please advise if ready for stabilisation, or call yourself amd64 stable Arches please finish stabilizing x86 x86 stable @maintainer(s), please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea29697f54f95ce75abbd22e3935360be3f11189 commit ea29697f54f95ce75abbd22e3935360be3f11189 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2020-04-27 06:48:19 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2020-04-27 06:48:27 +0000 app-emulation/qemu: drop old, bug #719266 Bug: https://bugs.gentoo.org/719266 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> app-emulation/qemu/qemu-4.2.0-r5.ebuild | 833 -------------------------------- 1 file changed, 833 deletions(-) Thanks all! |