Re: Unblock request for qemu/0.9.1-9
On Wed, 2008-12-24 at 12:11 +0100, Aurelien Jarno wrote:
> Hi,
> 
> qemu 0.9.1-9 fixes a remote DoS, please find the diff below. Could you
> please unblock it?

The same fix has also been applied to kvm in version kvm_72+dfsg-4.
Please unblock it, too.

Thanks,
Jan

diff -u kvm-72+dfsg/debian/changelog kvm-72+dfsg/debian/changelog
--- kvm-72+dfsg/debian/changelog
+++ kvm-72+dfsg/debian/changelog
@@ -1,3 +1,10 @@
+kvm (72+dfsg-4) unstable; urgency=high
+
+  * debian/patches/core-2008-1210.patch: fix remote DoS via VNC
+    (CORE-2008-1210/CVE-2008-2382).
+
+ -- Jan Lübbe <jluebbe@debian.org>  Wed, 24 Dec 2008 12:23:06 +0100
+
 kvm (72+dfsg-3) unstable; urgency=medium
 
   * Apply patch from qemu (62_fix-ptyblocking.patch) which fixes a lockup
diff -u kvm-72+dfsg/debian/patches/series kvm-72+dfsg/debian/patches/series
--- kvm-72+dfsg/debian/patches/series
+++ kvm-72+dfsg/debian/patches/series
@@ -16,0 +17 @@
+core-2008-1210.patch
only in patch2:
unchanged:
--- kvm-72+dfsg.orig/debian/patches/core-2008-1210.patch
+++ kvm-72+dfsg/debian/patches/core-2008-1210.patch
@@ -0,0 +1,27 @@
+Fix CORE-2008-1210 VNC DoS
+
+If the client sends us a limit of zero, handle appropriately.
+
+Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
+
+diff --git qemu/vnc.c qemu/vnc.c
+index 3a7d762..575fd68 100644
+--- a/qemu/vnc.c
++++ b/qemu/vnc.c
+@@ -1503,10 +1503,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
+ 	if (len == 1)
+ 	    return 4;
+ 
+-	if (len == 4)
+-	    return 4 + (read_u16(data, 2) * 4);
++	if (len == 4) {
++            limit = read_u16(data, 2);
++            if (limit > 0)
++                return 4 + (limit * 4);
++        } else
++            limit = read_u16(data, 2);
+ 
+-	limit = read_u16(data, 2);
+ 	for (i = 0; i < limit; i++) {
+ 	    int32_t val = read_s32(data, 4 + (i * 4));
+ 	    memcpy(data + 4 + (i * 4), &val, sizeof(val));
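Review bot: in the embedded vnc.c hunk, `limit = read_u16(data, 2);` is now duplicated in both arms of the `if (len == 4)` branch; reading it once before the branch (where the removed `limit = read_u16(data, 2);` line stood) and then using a single `if (len == 4 && limit > 0) return 4 + (limit * 4);` gives the same behaviour with less duplication. The behaviour itself looks right for the reported case: with a zero limit the old code returned `4 + 0`, i.e. exactly the 4 bytes already in hand, so the caller could never make progress, whereas the new code falls through and the `for (i = 0; i < limit; i++)` loop simply runs zero times. One style point: the added lines are indented with spaces while the surrounding context uses tabs; match the file's tab indentation.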