[Qemu-devel] [PULL 0/2] nbd patches for -rc3

Eric Blake posted 2 patches 6 years, 3 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20171128130248.901-1-eblake@redhat.com
Test checkpatch passed
Test docker passed
Test ppc passed
Test s390x passed
nbd/server.c | 10 ++++++++++
1 file changed, 10 insertions(+)
[Qemu-devel] [PULL 0/2] nbd patches for -rc3
Posted by Eric Blake 6 years, 3 months ago
The following changes since commit c7e1f823aed63f49e559e7463da76d5b320be35b:

  Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging (2017-11-28 10:03:26 +0000)

are available in the Git repository at:

  git://repo.or.cz/qemu/ericb.git tags/pull-nbd-2017-11-28

for you to fetch changes up to 51ae4f8455c9e32c54770c4ebc25bf86a8128183:

  nbd/server: CVE-2017-15118 Stack smash on large export name (2017-11-28 06:58:01 -0600)

Patches were reviewed off-list during the CVE embargo.

----------------------------------------------------------------
nbd patches for 2017-11-28

Eric Blake - 0/2 fix two NBD server CVEs

----------------------------------------------------------------
Eric Blake (2):
      nbd/server: CVE-2017-15119 Reject options larger than 32M
      nbd/server: CVE-2017-15118 Stack smash on large export name

 nbd/server.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

-- 
2.14.3


Re: [Qemu-devel] [PULL 0/2] nbd patches for -rc3
Posted by Peter Maydell 6 years, 3 months ago
On 28 November 2017 at 13:02, Eric Blake <eblake@redhat.com> wrote:
> The following changes since commit c7e1f823aed63f49e559e7463da76d5b320be35b:
>
>   Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging (2017-11-28 10:03:26 +0000)
>
> are available in the Git repository at:
>
>   git://repo.or.cz/qemu/ericb.git tags/pull-nbd-2017-11-28
>
> for you to fetch changes up to 51ae4f8455c9e32c54770c4ebc25bf86a8128183:
>
>   nbd/server: CVE-2017-15118 Stack smash on large export name (2017-11-28 06:58:01 -0600)
>
> Patches were reviewed off-list during the CVE embargo.
>
> ----------------------------------------------------------------
> nbd patches for 2017-11-28
>
> Eric Blake - 0/2 fix two NBD server CVEs
>
> ----------------------------------------------------------------
> Eric Blake (2):
>       nbd/server: CVE-2017-15119 Reject options larger than 32M
>       nbd/server: CVE-2017-15118 Stack smash on large export name
>
>  nbd/server.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)

Applied, thanks.

-- PMM