On 20 November 2018 at 12:03, Greg Kurz <groug@kaod.org> wrote:
> The following changes since commit 3c035a41dca808f096a128fe2b62d849fe638a25:
>
> Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2018-11-20' into staging (2018-11-20 10:56:57 +0000)
>
> are available in the Git repository at:
>
> https://github.com/gkurz/qemu.git tags/for-upstream
>
> for you to fetch changes up to 5b3c77aa581ebb215125c84b0742119483571e55:
>
> 9p: take write lock on fid path updates (CVE-2018-19364) (2018-11-20 13:00:35 +0100)
>
> ----------------------------------------------------------------
> Fixes yet another use-after-free issue that could be triggered by a
> misbehaving guest. This is a follow-up to commit:
>
> commit 5b76ef50f62079a2389ba28cacaf6cce68b1a0ed
> Author: Greg Kurz <groug@kaod.org>
> Date: Wed Nov 7 01:00:04 2018 +0100
>
> 9p: write lock path in v9fs_co_open2()
>
> ----------------------------------------------------------------
> Greg Kurz (1):
> 9p: take write lock on fid path updates (CVE-2018-19364)
>
Applied, thanks.
-- PMM