Bug#699396: CVE-2013-0241 - qxl: synchronous io guest DoS

To: 699396@bugs.debian.org
Cc: luciano@debian.org
Subject: Bug#699396: CVE-2013-0241 - qxl: synchronous io guest DoS
From: Liang Guo <bluestonechina@gmail.com>
Date: Tue, 5 Feb 2013 23:34:54 +0800
Message-id: <[🔎] 20130205153454.GA12312@blueice2>
Reply-to: Liang Guo <bluestonechina@gmail.com>, 699396@bugs.debian.org
In-reply-to: <201301310010.16680.luciano@debian.org>
References: <201301310010.16680.luciano@debian.org>

Hi, Luciano, 
On Thu, Jan 31, 2013 at 12:10:16AM +0100, Luciano Bello wrote:
> Package: xserver-xorg-video-qxl
> Severity: grave
> Tags: security patch
> Justification: user security hole
> 
> Hi there,
>    Take a look to http://seclists.org/oss-sec/2013/q1/204
>    Please, use CVE-2013-0241 to refer this issue.
>    The Debian package in unstable looks affected. Can you check if the stable or 
> testings are affected too?
I checked the patch, it modified following function: 

  	  qxl_handle_oom
	  qxl_allocnf
	  setup_slot
	  qxl_surface_cache_create_primary
	  download_box

qxl_allocnf exist in qxl 0.0.12, but it have not use ioport_write 
function, other function don't exist in qxl 0.0.12. 

Could you please check wheather this bug affect qxl in squeeze ? 

Thanks and Regards,
--
Liang Guo
http://bluestone.cublog.cn

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: xserver-xorg-video-intel: Changes to 'upstream-experimental'
Next by Date: Processed: Re: Bug#672972: Wheezy: VLC player can't play videos
Previous by thread: xserver-xorg-video-intel: Changes to 'upstream-experimental'
Next by thread: Bug#672972: Wheezy: VLC player can't play videos
Index(es):
- Date
- Thread