[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cve patch wanted
|
From: |
P J P |
|
Subject: |
Re: cve patch wanted |
|
Date: |
Mon, 13 Jul 2020 12:24:12 +0000 (UTC) |
Hello all,
Thank you Philippe for looping me in.
On Monday, 13 July, 2020, 1:46:45 pm IST, Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
7/11/20 2:28 PM, 林奕帆 wrote:
> I am a student from Fudan University in China. I am doing research on
> CVE patch recently. But i can not find the PATCH COMMIT of
> CVE-2019-12247 cve-2019-12155 cve-2019-6778.Can you give me the commit
> fix this cve?
CVE-2019-12155 QEMU: qxl: null pointer dereference while releasing spice
resources
->
https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
-> https://www.openwall.com/lists/oss-security/2019/05/22/1
CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu()
-> https://www.openwall.com/lists/oss-security/2019/01/24/5
-> https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html
This slirp patch is merged upstream. IIRC, after its merger SLiRP code moved
into a new repository
will have to dig through git logs/history to find patch link/URL.
CVE-2019-12247 QEMU: qemu-guest-agent: integer overflow while running
guest-exec command
-> https://www.openwall.com/lists/oss-security/2019/05/22/4
-> https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html
@Michael: Looks like 'CVE-2019-12247' patch above was not merged...? Any idea?
Thank you.
---
-P J P