On Wed, Dec 24, 2008 at 09:01:50PM +0100, Philipp Kern wrote:
> On Wed, Dec 24, 2008 at 01:19:01PM +0100, Jan Luebbe wrote:
> > On Wed, 2008-12-24 at 12:11 +0100, Aurelien Jarno wrote:
> > > Hi,
> > >
> > > qemu 0.9.1-9 fixes a remote DoS, please find the diff below. Could you
> > > please unblock it?
> > The same fix has also been applied to kvm in version kvm_72+dfsg-4.
> > Please unblock it, too.
>
> Both unblocked, thanks.
>

Thanks a lot. Unfortunately a new CVE has been issued in the meanwhile, so I have done a new upload, please see the diff below. Could you please unblock it?

Thanks,
Aurelien

diff -u qemu-0.9.1/debian/changelog qemu-0.9.1/debian/changelog --- qemu-0.9.1/debian/changelog +++ qemu-0.9.1/debian/changelog @@ -1,6 +1,13 @@ +qemu (0.9.1-10) unstable; urgency=low + + * debian/patches/96_security.patch: fix off-by-one bug limiting VNC + passwords to 7 chars (CVE-2008-5714). + + -- Aurelien Jarno <aurel32@debian.org> Sun, 28 Dec 2008 12:38:40 +0100 + qemu (0.9.1-9) unstable; urgency=low - * debian/patches/94_security.patch: fix remote DoS via VNC + * debian/patches/95_security.patch: fix remote DoS via VNC (CORE-2008-1210/CVE-2008-2382). -- Aurelien Jarno <aurel32@debian.org> Tue, 23 Dec 2008 15:06:11 +0100 diff -u qemu-0.9.1/debian/patches/series qemu-0.9.1/debian/patches/series --- qemu-0.9.1/debian/patches/series +++ qemu-0.9.1/debian/patches/series @@ -48,0 +49 @@ +96_security.patch only in patch2: unchanged: --- qemu-0.9.1.orig/debian/patches/96_security.patch +++ qemu-0.9.1/debian/patches/96_security.patch 
@@ -0,0 +1,33 @@ +commit 7e5b685255b2dbc9d96f954c86fcc86a56fee0c6 +Author: aliguori <aliguori@c046a42c-6fe2-441c-8c8c-71466251a162> +Date: Wed Dec 10 15:12:57 2008 +0000 + + Fix off-by-one bug limiting VNC passwords to 7 chars (Chris Webb) + + monitor_readline expects buf_size to include the terminating \0, but + do_change_vnc in monitor.c calls it as though it doesn't. The other site + where monitor_readline reads a password (in vl.c) passes the buffer + length + correctly. + + Signed-off-by: Chris Webb <chris@arachsys.com> + Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> + + + + git-svn-id: svn+ssh://svn.savannah.nongnu.org/qemu/trunk@5966 c046a42c-6fe2-441c-8c8c-71466251a162 + +diff --git a/monitor.c b/monitor.c +index f142a87..bec9211 100644 +--- a/monitor.c ++++ b/monitor.c +@@ -434,8 +434,7 @@ static void do_change_vnc(const char *target) + if (strcmp(target, "passwd") == 0 || + strcmp(target, "password") == 0) { + char password[9]; +- monitor_readline("Password: ", 1, password, sizeof(password)-1); +- password[sizeof(password)-1] = '\0'; ++ monitor_readline("Password: ", 1, password, sizeof(password)); + if (vnc_display_password(NULL, password) < 0) + term_printf("could not set VNC server password\n"); + } else { -- .''`. Aurelien Jarno | GPG: 1024D/F1BCDB73 : :' : Debian developer | Electrical Engineer `. `' aurel32@debian.org | aurelien@aurel32.net `- people.debian.org/~aurel32 | www.aurel32.net
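Review bot: In the debian/changelog hunk, the 0.9.1-9 entry is rewritten in place (94_security.patch becomes 95_security.patch) with no line in the new 0.9.1-10 entry recording that correction, so anyone comparing the two uploads sees a silent change to history. Please add a changelog line under 0.9.1-10 noting the corrected patch name. The new entry is also marked urgency=low although its only change is a fix carrying a CVE id (CVE-2008-5714); a higher urgency would match the unblock request.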
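Review bot: In the monitor.c hunk (do_change_vnc), removing `password[sizeof(password)-1] = '\0';` leaves the termination of `password` entirely up to monitor_readline treating buf_size as including the terminating \0, as the commit message states. monitor_readline itself is not part of this diff, so please confirm that behaviour against the 0.9.1 tree this patch is applied to, or keep the explicit terminator as a harmless safeguard before vnc_display_password is called. A short comment on `char password[9]` saying it holds 8 password characters plus the terminator would also make the intended limit obvious to the next reader.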