[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy

To: "Xen.org security team" <security@xxxxxxx>
From: Michael Young <m.a.young@xxxxxxxxxxxx>
Date: Fri, 10 Feb 2017 22:13:09 +0000
Cc: xen-devel@xxxxxxxxxxxxx
Delivery-date: Fri, 10 Feb 2017 22:15:40 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Fri, 10 Feb 2017, Xen.org security team wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

           Xen Security Advisory CVE-2017-2615 / XSA-208

                  oob access in cirrus bitblt copy

The qemu-xen-traditional patch is malformed, as the file it tries to patchis at the xen-qemu location and the before and after line counts arewrong, so


--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -307,11 +307,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,

should be (if I have got the offset right)

--- a/hw/cirrus_vga.c
+++ b/hw/cirrus_vga.c
@@ -308,10 +308,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s,

        Michael Young

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- [Xen-devel] Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy
  - From: Xen . org security team

Prev by Date: [Xen-devel] [PATCH] Make it compiler under Xen 4.7.
Next by Date: [Xen-devel] [ARM] SMC (and HVC) handling in hypervisor
Previous by thread: [Xen-devel] Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy
Next by thread: Re: [Xen-devel] [Xen-users] Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.