| Summary: | <app-emulation/xen-4.13.1-r3: Out of bounds read/write in USB emulation (CVE-2020-14364) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | ajak, hydrapolic, mgorny, proxy-maint, xen |
| Priority: | Normal | Flags: | nattka: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://github.com/gentoo/gentoo/pull/17384 https://bugs.gentoo.org/show_bug.cgi?id=744202 | | |
| Whiteboard: | B1 [glsa+] | | |
| Package list: | app-emulation/xen-4.13.1-r3 amd64, app-emulation/xen-pvgrub-4.13.1, app-emulation/xen-tools-4.13.1-r3 | | |
| Runtime testing required: | --- | | |
| Bug Depends on: | | | |
| Bug Blocks: | 694800 | | |

Description
Sam James
2020-08-19 19:02:19 UTC

ping

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8e9934490fa854d278ff7f97d5308aeeb30b391

commit c8e9934490fa854d278ff7f97d5308aeeb30b391
Author: Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2020-09-02 10:56:35 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-09-12 18:32:15 +0000

    app-emulation/xen-tools: add upstream and security patches

    Bug: https://bugs.gentoo.org/738040
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 app-emulation/xen-tools/Manifest | 5 +-
 app-emulation/xen-tools/xen-tools-4.12.3-r3.ebuild | 501 +++++++++++++++++++++
 ...4.13.1-r2.ebuild => xen-tools-4.13.1-r3.ebuild} | 7 +-
 ...ls-4.14.0.ebuild => xen-tools-4.14.0-r1.ebuild} | 7 +-
 4 files changed, 513 insertions(+), 7 deletions(-)

Please stable 4.12.3-r3 when ready.

Unable to check for sanity:
> dependent bug #735214 has errors

Let's stabilize 4.13 instead.

All sanity-check issues have been resolved

*** Bug 735214 has been marked as a duplicate of this bug. ***

x86 stable

amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5ea55353ef99ee903abf4d9594553b0662f6ad8

commit b5ea55353ef99ee903abf4d9594553b0662f6ad8
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: 2020-09-19 07:27:49 +0000
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-09-19 08:04:34 +0000

    app-emulation/xen: Remove old

    Bug: https://bugs.gentoo.org/738040
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 app-emulation/xen/Manifest | 3 -
 app-emulation/xen/xen-4.12.3-r2.ebuild | 165 ---------------------------------
 app-emulation/xen/xen-4.12.3-r3.ebuild | 165 ---------------------------------
 3 files changed, 333 deletions(-)

This issue was resolved and addressed in GLSA 202009-14 at https://security.gentoo.org/glsa/202009-14 by GLSA coordinator Sam James (sam_c).