[Spice-devel] [CVE-2014-3615 PULL 0/3] vbe: bochs dispi interface fixes
Gerd Hoffmann
kraxel at redhat.com
Fri Sep 5 04:21:50 PDT 2014
Hi,
So, as announced yesterday, here comes the CVE-2014-3615 pull request.
please pull,
Gerd
The following changes since commit 30eaca3acdf17d7bcbd1213eb149c02037edfb0b:
Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20140902-1' into staging (2014-09-02 10:26:10 +0100)
are available in the git repository at:
git://git.kraxel.org/qemu tags/pull-cve-2014-3615-20140905-1
for you to fetch changes up to ab9509cceabef28071e41bdfa073083859c949a7:
spice: make sure we don't overflow ssd->buf (2014-09-05 12:19:50 +0200)
----------------------------------------------------------------
CVE-2014-3615: fix sanity checks in vbe (bochs dispi) and spice.
----------------------------------------------------------------
Gerd Hoffmann (3):
vbe: make bochs dispi interface return the correct memory size with qxl
vbe: rework sanity checks
spice: make sure we don't overflow ssd->buf
hw/display/qxl.c | 1 +
hw/display/vga.c | 159 ++++++++++++++++++++++++++++++++-------------------
hw/display/vga_int.h | 1 +
ui/spice-display.c | 20 +++++--
4 files changed, 116 insertions(+), 65 deletions(-)
More information about the Spice-devel
mailing list