[Spice-devel,CVE-2014-3615,PULL,0/3] vbe: bochs dispi interface fixes

Submitted by Gerd Hoffmann on Sept. 5, 2014, 11:21 a.m.

Details

Message ID 1409916113-3472-1-git-send-email-kraxel@redhat.com
State New
Headers show

Not browsing as part of any series.

Pull-request download mbox

git pull git://git.kraxel.org/qemu tags/pull-cve-2014-3615-20140905-1

Commit Message

Gerd Hoffmann Sept. 5, 2014, 11:21 a.m.
Hi,

So, as announced yesterday, here comes the CVE-2014-3615 pull request.

please pull,
  Gerd

The following changes since commit 30eaca3acdf17d7bcbd1213eb149c02037edfb0b:

  Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20140902-1' into staging (2014-09-02 10:26:10 +0100)

are available in the git repository at:


  git://git.kraxel.org/qemu tags/pull-cve-2014-3615-20140905-1

for you to fetch changes up to ab9509cceabef28071e41bdfa073083859c949a7:

  spice: make sure we don't overflow ssd->buf (2014-09-05 12:19:50 +0200)

----------------------------------------------------------------
CVE-2014-3615: fix sanity checks in vbe (bochs dispi) and spice.

----------------------------------------------------------------
Gerd Hoffmann (3):
      vbe: make bochs dispi interface return the correct memory size with qxl
      vbe: rework sanity checks
      spice: make sure we don't overflow ssd->buf

 hw/display/qxl.c     |   1 +
 hw/display/vga.c     | 159 ++++++++++++++++++++++++++++++++-------------------
 hw/display/vga_int.h |   1 +
 ui/spice-display.c   |  20 +++++--
 4 files changed, 116 insertions(+), 65 deletions(-)

Comments

On 5 September 2014 12:21, Gerd Hoffmann <kraxel@redhat.com> wrote:
>   Hi,
>
> So, as announced yesterday, here comes the CVE-2014-3615 pull request.
>
> please pull,
>   Gerd
>
> The following changes since commit 30eaca3acdf17d7bcbd1213eb149c02037edfb0b:
>
>   Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20140902-1' into staging (2014-09-02 10:26:10 +0100)
>
> are available in the git repository at:
>
>
>   git://git.kraxel.org/qemu tags/pull-cve-2014-3615-20140905-1
>
> for you to fetch changes up to ab9509cceabef28071e41bdfa073083859c949a7:
>
>   spice: make sure we don't overflow ssd->buf (2014-09-05 12:19:50 +0200)
>
> ----------------------------------------------------------------
> CVE-2014-3615: fix sanity checks in vbe (bochs dispi) and spice.
>
> ----------------------------------------------------------------
> Gerd Hoffmann (3):
>       vbe: make bochs dispi interface return the correct memory size with qxl
>       vbe: rework sanity checks
>       spice: make sure we don't overflow ssd->buf

Applied, thanks.

-- PMM