[PATCH] gnu: qemu: Fix CVE-2017-{10664,10806,10911,11434}.

  • Done
Details
2 participants
  • Alex Vong
  • Marius Bakke
Owner
unassigned
Submitted by
Alex Vong
Severity
important
Alex Vong wrote on 13 Aug 2017 15:38
(address . guix-patches@gnu.org)
87pobz1tbp.fsf@gmail.com
Severity: important
Tags: security

Hello,

This fixes a bunch of CVEs which were left unfixed. Most of the patches
are copied from the upstream git repo, except one, which is copied from
a Xen Security Advisory.
Cheers,
Alex

Alex Vong wrote on 13 Aug 2017 16:57
Add 'patch' tag.
(address . control@debbugs.gnu.org)
87lgmn1pnr.fsf@gmail.com
package guix-patches
tags 27987 patch
tags 28077 patch
thanks

Marius Bakke wrote on 13 Aug 2017 19:10
Re: [bug#28077] [PATCH] gnu: qemu: Fix CVE-2017-{10664, 10806, 10911, 11434}.
87wp671jhb.fsf@fastmail.com
Alex Vong <alexvong1995@gmail.com> writes:

> Severity: important
> Tags: security
>
> Hello,
>
> This fixes a bunch of CVEs which were left unfixed. Most of the patches
> are copied from the upstream git repo, except one, which is copied from
> a Xen Security Advisory.

Thanks for these, applied!

I took the liberty of removing the commit messages from the patches,
since we have the URLs anyway. It reduced the commit length by 31%.

[...]

> diff --git a/gnu/packages/patches/qemu-CVE-2017-10911.patch b/gnu/packages/patches/qemu-CVE-2017-10911.patch
> new file mode 100644
> index 000000000..fed3fb8ff
> --- /dev/null
> +++ b/gnu/packages/patches/qemu-CVE-2017-10911.patch
> @@ -0,0 +1,123 @@
> +Fix CVE-2017-10911:
> +
> +https://xenbits.xen.org/xsa/advisory-216.html
> +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911
> +https://security-tracker.debian.org/tracker/CVE-2017-10911
> +
> +Patch copied from Xen Security Advisory:
> +
> +https://xenbits.xen.org/xsa/xsa216-qemuu.patch
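
Review bot: the header of qemu-CVE-2017-10911.patch gives its source only as the advisory page and https://xenbits.xen.org/xsa/xsa216-qemuu.patch, and cites no QEMU commit to compare the patch against. Since this header is the patch's provenance record, consider adding a line that says the patch is taken from the advisory rather than from a QEMU commit, and that it should be checked against or replaced by the upstream commit when the package is next updated.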

Apparently this patch has been pulled by one of the qemu developers, but
is not on any branches on git.qemu.org:


I wonder what's up with that.

Closed