GNU bug report logs -
#28077
[PATCH] gnu: qemu: Fix CVE-2017-{10664,10806,10911,11434}.
Previous Next
Reported by: Alex Vong <alexvong1995 <at> gmail.com>
Date: Sun, 13 Aug 2017 13:40:02 UTC
Severity: important
Tags: patch, security
Done: Marius Bakke <mbakke <at> fastmail.com>
Bug is archived. No further changes may be made.
Full log
Message #12 received at 28077-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Alex Vong <alexvong1995 <at> gmail.com> writes:
> Severity: important
> Tags: security
>
> Hello,
>
> This fixes a bunch of CVEs which were left unfixed. Most of the patches
> are copied from the upstream git repo. Except one is copied from Xen
> Security Advisory.
Thanks for these, applied!
I took the liberty of removing the commit messages from the patches,
since we have the URLs anyway. It reduced the commit length by 31%.
[...]
> diff --git a/gnu/packages/patches/qemu-CVE-2017-10911.patch b/gnu/packages/patches/qemu-CVE-2017-10911.patch
> new file mode 100644
> index 000000000..fed3fb8ff
> --- /dev/null
> +++ b/gnu/packages/patches/qemu-CVE-2017-10911.patch
> @@ -0,0 +1,123 @@
> +Fix CVE-2017-10911:
> +
> +https://xenbits.xen.org/xsa/advisory-216.html
> +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911
> +https://security-tracker.debian.org/tracker/CVE-2017-10911
> +
> +Patch copied from Xen Security Advisory:
> +
> +https://xenbits.xen.org/xsa/xsa216-qemuu.patch
Apparently this patch has been pulled by one of the qemu developers, but
is not on any branches on git.qemu.org:
https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg06662.html
I wonder what's up with that.
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 7 years and 286 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.