[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Security Advisory 140 - QEMU leak of uninitialized heap memory in rtl8139 device model



Hi Ian,

Please find attached "new" patches for the 'Qemu-dm 3.4 stable branchâ 
(git://xenbits.xen.org/qemu-xen-3.4-testing.git) with Signed-off-by included:

# sha256sum xsa140-qemut-3.4-?.patch
444b0487b6ae702b13626780b94cfe9d5b7e39c0b6ae26fc162fe93c84c83407  
xsa140-qemut-3.4-1.patch
b08ee945330020a522a549ce9aa118abe93624e66b925cbb5f22e0c771642afa  
xsa140-qemut-3.4-2.patch
21be371510876261830d3895b68d6288e57ca651fc67befb0323d3bc3bdb5b1c  
xsa140-qemut-3.4-3.patch
3fbd3d4a236b249bf4b2cae53d2e8242d2c5f53efd8848c879de80ae64de05c8  
xsa140-qemut-3.4-4.patch
71c32327b813c8a2c9dc0e4dd3fc08bfcf1d107febaa2eae085a67781890fe2b  
xsa140-qemut-3.4-5.patch
5542dd9cca45586e45d5f6eb4276e61a485994ea31f2aad4ac65801832890bf1  
xsa140-qemut-3.4-6.patch
908e492694dd5102280799cac6151f551aff35a08900eee33ca14fa026c8dc51  
xsa140-qemut-3.4-7.patch

Attachment: xsa140-qemut-3.4-1.patch
Description: Binary data

Attachment: xsa140-qemut-3.4-2.patch
Description: Binary data

Attachment: xsa140-qemut-3.4-3.patch
Description: Binary data

Attachment: xsa140-qemut-3.4-4.patch
Description: Binary data

Attachment: xsa140-qemut-3.4-5.patch
Description: Binary data

Attachment: xsa140-qemut-3.4-6.patch
Description: Binary data

Attachment: xsa140-qemut-3.4-7.patch
Description: Binary data

---
Yura

> On Aug 13, 2015, at 18:02 PM, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> wrote:
> 
> Yuriy Kohut writes ("Re: Xen Security Advisory 140 - QEMU leak of 
> uninitialized heap memory in rtl8139 device model"):
>> Please find attached patches for the 'Qemu-dm 3.4 stable branchâ 
>> (git://xenbits.xen.org/qemu-xen-3.4-testing.git):
>> 
>> # sha256sum xsa140-qemut-3.4-?.patch
>> a6f614aea18f5ebf37b7d462c9190d7b9426a7b2ca304f314d05b8a328c9f831  
>> xsa140-qemut-3.4-1.patch
>> dd3f90a407f83fdaf7efa42a5aabcc479ad88a0bc8b98d31f1809dfe81543186  
>> xsa140-qemut-3.4-2.patch
>> b091a84fe888362a1501faf8aa546d2b8816e0ce6e197d8da9cd0bafc0e26dbb  
>> xsa140-qemut-3.4-3.patch
>> 454e6d0d6fe464c7a696c168ca5218fbd5d496eab1f5565bc02e391997b02a3d  
>> xsa140-qemut-3.4-4.patch
>> def8a6a33bddd77518b9ba2f8f16b2ac4ff962c34f24a94173e41b5a82adf68a  
>> xsa140-qemut-3.4-5.patch
>> c599838dfea5aa50eed8bc2ca373734a6ef4529738aa1d056637625d04d35875  
>> xsa140-qemut-3.4-6.patch
>> 6d2efbd7b492355160f38a61e0a83c5fb5be86e2a4c953cc2f4e05a2dda7001e  
>> xsa140-qemut-3.4-7.patch
> 
> Hi.  Thanks a lot for this.
> 
> We (Xen maintainers) intend to handle these by applying this (as a
> bugfix) to xen.git#staging, which is the 4.6 release prep branch.
> They apply with some minor line offsets.  We'll then feed that into
> our maintained stable branches in the usual way, and update the
> advisory.
> 
> Yuriy, can I have your Signed-off-by for the backport work, in
> accordance with
>  
> http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches#Signing_off_a_patch
> ?
> 
> If so I will repost this as a formal patch series.
> 
> Thanks,
> Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.