[PATCH] gnu: qemu: Fix CVE-2017-{10664,10806,10911,11434}.

Done

Details

2 participants

Alex Vong
Marius Bakke

Owner: unassigned

Submitted by: Alex Vong

Severity: important

Alex Vong wrote on 13 Aug 2017 15:38

Recipients:(address . guix-patches@gnu.org)

Message-ID:87pobz1tbp.fsf@gmail.com

Severity: important

Tags: security

Hello,

This fixes a bunch of CVEs which were left unfixed. Most of the patches

are copied from the upstream git repo. Except one is copied from Xen

Security Advisory.

Attachment: 0001-gnu-qemu-Fix-CVE-2017-10664-10806-10911-11434.patch

Cheers,

Alex

Alex Vong wrote on 13 Aug 2017 16:57

Add 'patch' tag.

Recipients:(address . control@debbugs.gnu.org)

Message-ID:87lgmn1pnr.fsf@gmail.com

package guix-patches
tags 27987 patch
tags 28077 patch
thanks

Marius Bakke wrote on 13 Aug 2017 19:10

Re: [bug#28077] [PATCH] gnu: qemu: Fix CVE-2017-{10664, 10806, 10911, 11434}.

Recipients:

Message-ID:87wp671jhb.fsf@fastmail.com

Alex Vong <alexvong1995@gmail.com> writes:

Toggle quote (9 lines)

> Severity: important

> Tags: security

> Hello,

> This fixes a bunch of CVEs which were left unfixed. Most of the patches

> are copied from the upstream git repo. Except one is copied from Xen

> Security Advisory.

Thanks for these, applied!

I took the liberty of removing the commit messages from the patches,

since we have the URLs anyway. It reduced the commit length by 31%.

[...]

Toggle quote (16 lines)> diff --git a/gnu/packages/patches/qemu-CVE-2017-10911.patch b/gnu/packages/patches/qemu-CVE-2017-10911.patch
> new file mode 100644
> index 000000000..fed3fb8ff
> --- /dev/null
> +++ b/gnu/packages/patches/qemu-CVE-2017-10911.patch
> @@ -0,0 +1,123 @@
> +Fix CVE-2017-10911:
> +
> +https://xenbits.xen.org/xsa/advisory-216.html
> +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911
> +https://security-tracker.debian.org/tracker/CVE-2017-10911
> +
> +Patch copied from Xen Security Advisory:
> +
> +https://xenbits.xen.org/xsa/xsa216-qemuu.patch

Apparently this patch has been pulled by one of the qemu developers, but

is not on any branches on git.qemu.org:

https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg06662.html

I wonder what's up with that.

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 28077@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date