diff options
| author | Mark H Weaver <mhw@netris.org> | 2016-02-02 21:57:43 -0500 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2016-02-03 00:05:22 -0500 |
| commit | fd9a5b0fc3594cf3c62099f01502a150a54823fc (patch) | |
| tree | bd8566f193f9a8921750a49a203395fa75f946bf /gnu/packages/patches/qemu-CVE-2015-8613.patch | |
| parent | 80cc3a0a4a4e3b7deca4d1e3e4533eb400e3fde9 (diff) | |
| download | guix-fd9a5b0fc3594cf3c62099f01502a150a54823fc.tar.gz | |
gnu: qemu: Update to 2.5.0; add fixes for security flaws.
* gnu/packages/patches/qemu-CVE-2015-6855.patch: Delete file. * gnu/packages/patches/qemu-virtio-9p-use-accessor-to-get-thread-pool.patch, gnu/packages/patches/qemu-CVE-2015-8558.patch, gnu/packages/patches/qemu-CVE-2015-8567.patch, gnu/packages/patches/qemu-CVE-2015-8613.patch, gnu/packages/patches/qemu-CVE-2015-8701.patch, gnu/packages/patches/qemu-CVE-2015-8743.patch, gnu/packages/patches/qemu-CVE-2016-1568.patch, gnu/packages/patches/qemu-CVE-2016-1922.patch: New files. * gnu-system.am (dist_patch_DATA): Remove 'qemu-CVE-2015-6855.patch'; add the new patches. * gnu/packages/qemu.scm (qemu): Update to 2.5.0. [source]: Remove old patches and add new ones. [arguments]: Add 'disable-test-qga' phase. (%glib-memory-vtable-patch, %glib-duplicate-test-patch): Remove variables.
Diffstat (limited to 'gnu/packages/patches/qemu-CVE-2015-8613.patch')
| -rw-r--r-- | gnu/packages/patches/qemu-CVE-2015-8613.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/gnu/packages/patches/qemu-CVE-2015-8613.patch b/gnu/packages/patches/qemu-CVE-2015-8613.patch new file mode 100644 index 0000000000..3bcc6ab8d6 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2015-8613.patch @@ -0,0 +1,35 @@ +From 36fef36b91f7ec0435215860f1458b5342ce2811 Mon Sep 17 00:00:00 2001 +From: P J P <ppandit@redhat.com> +Date: Mon, 21 Dec 2015 15:13:13 +0530 +Subject: [PATCH] scsi: initialise info object with appropriate size + +While processing controller 'CTRL_GET_INFO' command, the routine +'megasas_ctrl_get_info' overflows the '&info' object size. Use its +appropriate size to null initialise it. + +Reported-by: Qinghao Tang <luodalongde@gmail.com> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Message-Id: <alpine.LFD.2.20.1512211501420.22471@wniryva> +Cc: qemu-stable@nongnu.org +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +Signed-off-by: P J P <ppandit@redhat.com> +--- + hw/scsi/megasas.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c +index d7dc667..576f56c 100644 +--- a/hw/scsi/megasas.c ++++ b/hw/scsi/megasas.c +@@ -718,7 +718,7 @@ static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd) + BusChild *kid; + int num_pd_disks = 0; + +- memset(&info, 0x0, cmd->iov_size); ++ memset(&info, 0x0, dcmd_size); + if (cmd->iov_size < dcmd_size) { + trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size, + dcmd_size); +-- +2.6.3 + |