Bug#699396: CVE-2013-0241 - qxl: synchronous io guest DoS

To: 699396@bugs.debian.org
Subject: Bug#699396: CVE-2013-0241 - qxl: synchronous io guest DoS
From: Liang Guo <bluestonechina@gmail.com>
Date: Fri, 1 Feb 2013 00:57:02 +0800
Message-id: <[🔎] 20130131165702.GA9903@blueice2>
Reply-to: Liang Guo <bluestonechina@gmail.com>, 699396@bugs.debian.org
In-reply-to: <[🔎] 201301310010.16680.luciano@debian.org>
References: <[🔎] 201301310010.16680.luciano@debian.org>

Hi, 

On Thu, Jan 31, 2013 at 12:10:16AM +0100, Luciano Bello wrote:
> Package: xserver-xorg-video-qxl
> Severity: grave
> Tags: security patch
> Justification: user security hole
> 
> Hi there,
>    Take a look to http://seclists.org/oss-sec/2013/q1/204
>    Please, use CVE-2013-0241 to refer this issue.
>    The Debian package in unstable looks affected. Can you check if the stable or 
> testings are affected too?
> 
> Cheers,
> luciano
Would you like to check xserver-xorg-video-qxl 0.0.17 is 
affected? 

According to http://seclists.org/oss-sec/2013/q1/204, this
bug is fixed in commit 30b4b72cdbdf9f0e92a8d1c4e01779f60f15a741, 
which is included in 0.0.17.

I'm backport this patch to 0.0.12, I'll let you know when 
it is ready. 

Thanks and Regards,
--
Liang Guo
http://bluestone.cublog.cn

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Bug#699396: CVE-2013-0241 - qxl: synchronous io guest DoS
  - From: Luciano Bello <luciano@debian.org>

Prev by Date: xorg-gtest: Changes to 'debian-experimental'
Next by Date: mesa: Changes to 'debian-experimental'
Previous by thread: Bug#699396: CVE-2013-0241 - qxl: synchronous io guest DoS
Next by thread: Bug#699345: xserver-xorg-video-ati: Xorg crashes with, black/white screen since wheezy update to 6.14.4-6
Index(es):
- Date
- Thread