[Spice-devel] [PATCH] server: bitmap_consistent: replace spice_error with spice_warning
Daniel P. Berrange
berrange at redhat.com
Tue Sep 3 05:35:01 PDT 2013
On Sun, Sep 01, 2013 at 09:43:17PM +0300, Uri Lublin wrote:
> bitmap_consistent should return true or false.
> Currently it aborts instead of returning false, due to spice_error.
> Replacing spice_error with spice_warning, provides information and returns
> false, as expected.
>
> This fixes Fedora bz#997932
The issue being fixed here is a security flaw, since it allows an
unprivileged users in the guest OS to crash the entire QEMU process
in the host. It is really bad practice to do security fixes without
the commit message explicitly saying that it is a security fix. People
using spice need to know so that they can apply it to any old branches
they may have.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the Spice-devel
mailing list