On 28 November 2017 at 13:02, Eric Blake <eblake@redhat.com> wrote:
> The following changes since commit c7e1f823aed63f49e559e7463da76d5b320be35b:
>
> Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging (2017-11-28 10:03:26 +0000)
>
> are available in the Git repository at:
>
> git://repo.or.cz/qemu/ericb.git tags/pull-nbd-2017-11-28
>
> for you to fetch changes up to 51ae4f8455c9e32c54770c4ebc25bf86a8128183:
>
> nbd/server: CVE-2017-15118 Stack smash on large export name (2017-11-28 06:58:01 -0600)
>
> Patches were reviewed off-list during the CVE embargo.
>
> ----------------------------------------------------------------
> nbd patches for 2017-11-28
>
> Eric Blake - 0/2 fix two NBD server CVEs
>
> ----------------------------------------------------------------
> Eric Blake (2):
> nbd/server: CVE-2017-15119 Reject options larger than 32M
> nbd/server: CVE-2017-15118 Stack smash on large export name
>
> nbd/server.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
Applied, thanks.
-- PMM