Re: Wheezy update for qemu ?
On Fri, Oct 07, 2016 at 01:09:29PM +0200, Hugo Lefeuvre wrote:
> > I'll prepare a patch adding the usb_xhci_exit function and will
> > perform some more tests.
> Well, here is what I got after taking some hours to try to produce a
> patch for CVE-2016-7466:
> * It is not possible to introduce the usb_xhci_exit function in qemu v1.1.2
> as it has been done in qemu v2.2.0 because it would imply a significant
> code refactoring. For instance, the diff between hcd-xhci.c in qemu v1.1.2
> and qemu v2.2.0 is 3841 lines long, although hcd-xhci.c itself in v1.1.2 is
> 2955 lines long !
> * I'm not sure I'll be able to develop a patch alone in my assigned time
> because I'm far from being a C expert, and the code is far from being
> I haven't got any answer from the QEMU team, and it's quite unsure that
> upstream will be interested in taking time to patch the 1.1.2 version.
> So, if anybody wants to take time to work on this patch, or, at least, have a
> look at the issue, it would be helpful.
I can have a look but not before next week.
> I wanted to include a fix for this issue in my qemu/qemu-kvm upload, but
> if it takes too long, I'll have to put this issue aside.
>  https://security-tracker.debian.org/tracker/CVE-2016-7466
>  http://git.qemu.org/?p=qemu.git;a=commit;h=53c30545fb34c43c84d62ea1c2b0dc6b53303c34
> Hugo Lefeuvre (hle) | www.owl.eu.com
> 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E