[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2 07/11] chardev: Let IOReadHandler use unsigne
From: |
Philippe Mathieu-Daudé |
Subject: |
Re: [Qemu-devel] [PATCH v2 07/11] chardev: Let IOReadHandler use unsigned type |
Date: |
Fri, 22 Jan 2021 14:55:18 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 |
Hi Prasad, Richard.
On 1/22/21 12:52 PM, P J P wrote:
> +-- On Fri, 22 Jan 2021, Richard Purdie wrote --+
> | If so can anyone point me at that change?
> |
> | I ask since CVE-2018-18438 is marked as affecting all qemu versions
> | (https://nvd.nist.gov/vuln/detail/CVE-2018-18438).
> |
> | If it was fixed, the version mask could be updated. If the fix wasn't
> deemed
> | worthwhile for some reason that is also fine and I can mark this one as
> such
> | in our system. I'm being told we only need one of the patches in this
> series
> | which I also don't believe as I suspect we either need the set or none of
> | them!
> |
> | Any info would be most welcome.
>
> -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02239.html
> -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02231.html
>
> * Yes, the type change fix had come up during patch reviews above, and this
> series implemented the change.
>
> * Series is required IIUC, didn't realise it's not merged.
Audit from Marc-André pointed that this is unlikely, we asked the
reporter for a reproducer and got not news, and eventually closed
this as NOTABUG (not even WONTFIX):
https://bugzilla.redhat.com/show_bug.cgi?id=1609015
Regards,
Phil.