Summary: | <app-emulation/qemu-6.1.0: code execution via malicious SPICE client (CVE-2021-3682) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | ajak, sam, tamiko, virtualization, zlogene |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gitlab.com/qemu-project/qemu/-/issues/491 | ||
See Also: | https://github.com/gentoo/gentoo/pull/23421 | ||
Whiteboard: | B1 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 829504 | ||
Bug Blocks: |
Description
John Helmert III
2021-08-07 22:44:20 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4dbabb19b26f4203d67e25f78772c5bebf650ff commit d4dbabb19b26f4203d67e25f78772c5bebf650ff Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-12-20 04:31:40 +0000 Commit: Matthias Maier <tamiko@gentoo.org> CommitDate: 2021-12-20 06:42:24 +0000 app-emulation/qemu: drop 6.0.0-r4, 6.0.0-r54, 6.0.1-r1 Bug: https://bugs.gentoo.org/807055 Bug: https://bugs.gentoo.org/820743 Closes: https://github.com/gentoo/gentoo/pull/23421 Signed-off-by: John Helmert III <ajak@gentoo.org> Signed-off-by: Matthias Maier <tamiko@gentoo.org> app-emulation/qemu/Manifest | 2 - .../qemu/files/qemu-5.2.0-cleaner-werror.patch | 40 - .../qemu/files/qemu-5.2.0-dce-locks.patch | 18 - app-emulation/qemu/files/qemu-5.2.0-strings.patch | 23 - app-emulation/qemu/qemu-6.0.0-r4.ebuild | 910 -------------------- app-emulation/qemu/qemu-6.0.0-r54.ebuild | 911 --------------------- app-emulation/qemu/qemu-6.0.1-r1.ebuild | 911 --------------------- 7 files changed, 2815 deletions(-) GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=fd3b0a54cba850267bd5f7ed0ac9f66f91aa44ac commit fd3b0a54cba850267bd5f7ed0ac9f66f91aa44ac Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 16:09:07 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-14 16:09:43 +0000 [ GLSA 202208-27 ] QEMU: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/733448 Bug: https://bugs.gentoo.org/736605 Bug: https://bugs.gentoo.org/773220 Bug: https://bugs.gentoo.org/775713 Bug: https://bugs.gentoo.org/780816 Bug: https://bugs.gentoo.org/792624 Bug: https://bugs.gentoo.org/807055 Bug: https://bugs.gentoo.org/810544 Bug: https://bugs.gentoo.org/820743 Bug: https://bugs.gentoo.org/835607 Bug: https://bugs.gentoo.org/839762 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202208-27.xml | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) GLSA done, all done. |