Re: Wheezy update for qemu?


> I'll prepare a patch adding the usb_xhci_exit function and will
> perform some more tests.

Well, here is what I got after taking some hours to try to produce a
patch for CVE-2016-7466[0]:

 * It is not possible to introduce the usb_xhci_exit function in qemu v1.1.2
   as it has been done in qemu v2.2.0[1] because it would imply a significant
   code refactoring. For instance, the diff between hcd-xhci.c in qemu v1.1.2
   and qemu v2.2.0 is 3841 lines long, although hcd-xhci.c itself in v1.1.2 is
   2955 lines long!

 * I'm not sure I'll be able to develop a patch alone in my assigned time
   because I'm far from being a C expert, and the code is far from being
   I haven't got any answer from the QEMU team, and it's quite unsure that
   upstream will be interested in taking time to patch the 1.1.2 version.

So, if anybody wants to take time to work on this patch, or, at least, have a
look at the issue, it would be helpful.

I wanted to include a fix for this issue in my qemu/qemu-kvm upload, but
if it takes too long, I'll have to put this issue aside.


[0] https://security-tracker.debian.org/tracker/CVE-2016-7466
[1] http://git.qemu.org/?p=qemu.git;a=commit;h=53c30545fb34c43c84d62ea1c2b0dc6b53303c34

