Re: qemu - CVE-2018-19665: bt subsystem mishandles negative length variables

To: Adrian Zaugg <adi@ente.limmat.ch>
Cc: debian-lts@lists.debian.org
Subject: Re: qemu - CVE-2018-19665: bt subsystem mishandles negative length variables
From: Hugo Lefeuvre <hle@debian.org>
Date: Mon, 28 Jan 2019 09:52:11 +0100
Message-id: <[🔎] 20190128085211.GC2991@hle-laptop>
In-reply-to: <[🔎] 6a9ed1d9-16d8-cf08-ad62-f73be524f7d3@ente.limmat.ch>
References: <[🔎] 20190112165201.GA2479@hle-laptop.local> <[🔎] 6a9ed1d9-16d8-cf08-ad62-f73be524f7d3@ente.limmat.ch>

Hi Adrian,

> On 1/12/19 5:52 PM, Hugo Lefeuvre wrote:
> > the subsystem doesn't seem to be very actively maintained and that the user
> > base is quite small, it is maybe better to mark this no-dsa in stretch and
> 
> Please don't forget thet Debian has derivates that do not get summed up in
> popcon.d.o. So the user base might be bigger than assumed.

Right, but I was actually strictly speaking about the bluetooth subsystem,
quoting qemu's upstream[0].

cheers

Hugo

[0] https://patchwork.kernel.org/patch/10678421/

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- qemu - CVE-2018-19665: bt subsystem mishandles negative length variables
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: qemu - CVE-2018-19665: bt subsystem mishandles negative length variables
  - From: Adrian Zaugg <adi@ente.limmat.ch>

Prev by Date: Re: Review and testing phpmyadmin for Jessie LTS
Next by Date: Re: [Qemu-devel] [PATCH v2] bt: use size_t type for length parameters instead of int
Previous by thread: Re: qemu - CVE-2018-19665: bt subsystem mishandles negative length variables
Next by thread: Re: qemu - CVE-2018-19665: bt subsystem mishandles negative length variables
Index(es):
- Date
- Thread