
Re: Wheezy update for qemu ?

On Fri, Oct 07, 2016 at 01:09:29PM +0200, Hugo Lefeuvre wrote:
> Hi,
> > I'll prepare a patch adding the usb_xhci_exit function and will
> > perform some more tests.
> Well, here is what I got after taking some hours to try to produce a
> patch for CVE-2016-7466[0]:
>  * It is not possible to introduce the usb_xhci_exit function in qemu v1.1.2
>    as it has been done in qemu v2.2.0[1] because it would imply a significant
>    code refactoring. For instance, the diff between hcd-xhci.c in qemu v1.1.2
>    and qemu v2.2.0 is 3841 lines long, although hcd-xhci.c itself in v1.1.2 is
>    2955 lines long!
>  * I'm not sure I'll be able to develop a patch alone in my assigned time
>    because I'm far from being a C expert, and the code is far from being
>    trivial.
>    I haven't got any answer from the QEMU team, and it's quite unsure that
>    upstream will be interested in taking time to patch the 1.1.2 version.
> So, if anybody wants to take time to work on this patch, or, at least, have a
> look at the issue, it would be helpful.

I can have a look but not before next week.
 -- Guido

> I wanted to include a fix for this issue in my qemu/qemu-kvm upload, but
> if it takes too long, I'll have to put this issue aside.
> Cheers,
>  Hugo
> [0] https://security-tracker.debian.org/tracker/CVE-2016-7466
> [1] http://git.qemu.org/?p=qemu.git;a=commit;h=53c30545fb34c43c84d62ea1c2b0dc6b53303c34
> -- 
>              Hugo Lefeuvre (hle)    |    www.owl.eu.com
> 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
