eb2b3df626
Fixes the following security issues: CVE-2017-13672: QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. CVE-2017-15118: Stack buffer overflow in NBD server triggered via long export name CVE-2017-15119: DoS via large option request CVE-2017-15268: Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. For more details, see the release announcement: https://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg03618.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
---|---|---|
.. | ||
0001-user-exec-fix-usage-of-mcontext-structure-on-ARM-uCl.patch | ||
Config.in | ||
Config.in.host | ||
qemu.hash | ||
qemu.mk |