Summary: | <app-emulation/qemu-7.2.3-r1: Insufficient access control in 9pfs | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
![]() ![]() ![]() ![]() The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2d08ad4d9a70136bf79818eb698e3cb7eead3b0 commit d2d08ad4d9a70136bf79818eb698e3cb7eead3b0 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-07-02 23:00:41 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-07-02 23:00:43 +0000 app-emulation/qemu: fix CVE-2023-2861 for 8.0.2 Bug: https://bugs.gentoo.org/909542 Signed-off-by: Sam James <sam@gentoo.org> .../qemu/files/qemu-8.0.2-CVE-2023-2861.patch | 162 ++++ app-emulation/qemu/qemu-8.0.2-r1.ebuild | 964 +++++++++++++++++++++ 2 files changed, 1126 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dde094e8f986b73ffdcb3f71226aac92e415408a commit dde094e8f986b73ffdcb3f71226aac92e415408a Author: Sam James <sam@gentoo.org> AuthorDate: 2023-07-02 22:58:04 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-07-02 22:58:04 +0000 app-emulation/qemu: fix CVE-2023-2861 for 7.2.3 Bug: https://bugs.gentoo.org/909542 Signed-off-by: Sam James <sam@gentoo.org> .../qemu/files/qemu-7.2.3-CVE-2023-2861.patch | 162 ++++ app-emulation/qemu/qemu-7.2.3-r1.ebuild | 973 +++++++++++++++++++++ 2 files changed, 1135 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=229d28a525799ae2f65b1a2cd206b07189241026 commit 229d28a525799ae2f65b1a2cd206b07189241026 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-07-02 23:34:19 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-07-02 23:34:42 +0000 app-emulation/qemu: use right CVE-2023-2861 patch for 8.0.2 Fixes: d2d08ad4d9a70136bf79818eb698e3cb7eead3b0 Bug: https://bugs.gentoo.org/909542 Signed-off-by: Sam James <sam@gentoo.org> .../qemu/files/qemu-8.0.2-CVE-2023-2861.patch | 23 +++++++++++++--------- .../{qemu-8.0.2-r1.ebuild => qemu-8.0.2-r2.ebuild} | 0 2 files changed, 14 insertions(+), 9 deletions(-) Ping. Please clean up vulnerable versions 7.2.0-r3 and 7.2.3. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50ad24c08d86326adcff296e6beb26107e0ab028 commit 50ad24c08d86326adcff296e6beb26107e0ab028 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-10-30 02:57:34 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-10-30 02:58:26 +0000 app-emulation/qemu: drop 7.2.0-r3, 7.2.3 Bug: https://bugs.gentoo.org/909542 Bug: https://bugs.gentoo.org/865112 Signed-off-by: John Helmert III <ajak@gentoo.org> app-emulation/qemu/Manifest | 2 - app-emulation/qemu/qemu-7.2.0-r3.ebuild | 973 -------------------------------- app-emulation/qemu/qemu-7.2.3.ebuild | 972 ------------------------------- 3 files changed, 1947 deletions(-) Not much to do here anymore. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=1baff7cf9283037d49a3b562d771e3cf77039bfa commit 1baff7cf9283037d49a3b562d771e3cf77039bfa Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-08-09 09:49:28 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-08-09 09:49:35 +0000 [ GLSA 202408-18 ] QEMU: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/857657 Bug: https://bugs.gentoo.org/865121 Bug: https://bugs.gentoo.org/883693 Bug: https://bugs.gentoo.org/909542 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202408-18.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) |