[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#28077: [PATCH] gnu: qemu: Fix CVE-2017-{10664, 10806, 10911, 11434}.
|
From: |
Marius Bakke |
|
Subject: |
bug#28077: [PATCH] gnu: qemu: Fix CVE-2017-{10664, 10806, 10911, 11434}. |
|
Date: |
Sun, 13 Aug 2017 19:10:56 +0200 |
|
User-agent: |
Notmuch/0.25 (https://notmuchmail.org) Emacs/25.2.1 (x86_64-unknown-linux-gnu) |
Alex Vong <address@hidden> writes:
> Severity: important
> Tags: security
>
> Hello,
>
> This fixes a bunch of CVEs which were left unfixed. Most of the patches
> are copied from the upstream git repo. Except one is copied from Xen
> Security Advisory.
Thanks for these, applied!
I took the liberty of removing the commit messages from the patches,
since we have the URLs anyway. It reduced the commit length by 31%.
[...]
> diff --git a/gnu/packages/patches/qemu-CVE-2017-10911.patch
> b/gnu/packages/patches/qemu-CVE-2017-10911.patch
> new file mode 100644
> index 000000000..fed3fb8ff
> --- /dev/null
> +++ b/gnu/packages/patches/qemu-CVE-2017-10911.patch
> @@ -0,0 +1,123 @@
> +Fix CVE-2017-10911:
> +
> +https://xenbits.xen.org/xsa/advisory-216.html
> +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911
> +https://security-tracker.debian.org/tracker/CVE-2017-10911
> +
> +Patch copied from Xen Security Advisory:
> +
> +https://xenbits.xen.org/xsa/xsa216-qemuu.patch
Apparently this patch has been pulled by one of the qemu developers, but
is not on any branches on git.qemu.org:
https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg06662.html
I wonder what's up with that.
signature.asc
Description: PGP signature