mvadkert / rpms / qemu

Forked from rpms/qemu 6 years ago
Clone
Source Code
GIT

3d039dc CVE-2017-7718: cirrus: OOB read access issue (bz #1443443)

Authored and Committed by crobinso 6 years ago
raw patch tree parent
90 files changed. 2044 lines added. 79 lines removed.
0001-scsi-pvscsi-limit-loop-to-fetch-SG-list.patch
file modified
+1 -1
0002-vmsvga-correct-bitmap-and-pixmap-size-checks.patch
file modified
+1 -1
0003-usb-xhci-fix-memory-leak-in-usb_xhci_exit.patch
file modified
+1 -1
0004-virtio-add-check-for-descriptor-s-mapped-address.patch
file modified
+1 -1
0005-net-mcf-limit-buffer-descriptor-count.patch
file modified
+1 -1
0006-xhci-limit-the-number-of-link-trbs-we-are-willing-to.patch
file modified
+1 -1
0007-usb-ehci-fix-memory-leak-in-ehci_process_itd.patch
file modified
+1 -1
0008-usb-redir-allocate-buffers-before-waking-up-the-host.patch
file modified
+1 -1
0009-qxl-Only-emit-QXL_INTERRUPT_CLIENT_MONITORS_CONFIG-o.patch
file modified
+1 -1
0010-ui-use-evdev-keymap-when-running-under-wayland.patch
file modified
+2 -2
0011-net-vmxnet-initialise-local-tx-descriptor.patch
file modified
+1 -1
0012-net-pcnet-check-rx-tx-descriptor-ring-length.patch
file modified
+1 -1
0013-virtio-gpu-fix-memory-leak-in-virtio_gpu_resource_cr.patch
file modified
+1 -1
0014-9pfs-fix-potential-host-memory-leak-in-v9fs_read.patch
file modified
+1 -1
0015-9pfs-allocate-space-for-guest-originated-empty-strin.patch
file modified
+2 -2
0016-net-rocker-set-limit-to-DMA-buffer-size.patch
file modified
+1 -1
0017-char-serial-check-divider-value-against-baud-base.patch
file modified
+1 -1
0018-audio-intel-hda-check-stream-entry-count-during-tran.patch
file modified
+1 -1
0019-timer-a9gtimer-remove-loop-to-auto-increment-compara.patch
file modified
+1 -1
0020-net-eepro100-fix-memory-leak-in-device-uninit.patch
file modified
+1 -1
0021-9pfs-fix-information-leak-in-xattr-read.patch
file modified
+1 -1
0022-9pfs-fix-memory-leak-in-v9fs_xattrcreate.patch
file modified
+1 -1
0023-9pfs-add-xattrwalk_fid-field-in-V9fsXattr-struct.patch
file modified
+2 -2
0024-9pfs-convert-len-copied_len-field-in-V9fsXattr-to-th.patch
file modified
+1 -1
0025-9pfs-fix-integer-overflow-issue-in-xattr-read-write.patch
file modified
+1 -1
0026-9pfs-fix-memory-leak-in-v9fs_link.patch
file modified
+1 -1
0027-9pfs-fix-memory-leak-in-v9fs_write.patch
file modified
+1 -1
0028-xen-fix-ioreq-handling.patch
file modified
+1 -1
0029-display-cirrus-check-vga-bits-per-pixel-bpp-value.patch
file modified
+1 -1
0030-net-mcf-check-receive-buffer-size-register-value.patch
file modified
+1 -1
0031-virtio-gpu-fix-information-leak-in-getting-capset-in.patch
file modified
+1 -1
0032-virtio-gpu-fix-memory-leak-in-update_cursor_data_vir.patch
file modified
+1 -1
0033-usbredir-free-vm_change_state_handler-in-usbredir-de.patch
file modified
+1 -1
0034-usb-ehci-fix-memory-leak-in-ehci_init_transfer.patch
file modified
+1 -1
0035-9pfs-adjust-the-order-of-resource-cleanup-in-device-.patch
file modified
+1 -1
0036-9pfs-add-cleanup-operation-in-FileOperations.patch
file modified
+2 -2
0037-9pfs-add-cleanup-operation-for-handle-backend-driver.patch
file modified
+1 -1
0038-9pfs-add-cleanup-operation-for-proxy-backend-driver.patch
file modified
+1 -1
0039-9pfs-fix-crash-when-fsdev-is-missing.patch
file modified
+1 -1
0040-display-virtio-gpu-3d-check-virgl-capabilities-max_s.patch
file modified
+1 -1
0041-virtio-gpu-fix-information-leak-in-capset-get-dispat.patch
file modified
+1 -1
0042-virtio-gpu-call-cleanup-mapping-function-in-resource.patch
file modified
+1 -1
0043-net-imx-limit-buffer-descriptor-count.patch
file modified
+1 -1
0044-audio-ac97-add-exit-function.patch
file modified
+1 -1
0045-audio-es1370-add-exit-function.patch
file modified
+1 -1
0046-watchdog-6300esb-add-exit-function.patch
file modified
+1 -1
0047-virtio-gpu-3d-fix-memory-leak-in-resource-attach-bac.patch
file modified
+1 -1
0048-virtio-gpu-fix-memory-leak-in-resource-attach-backin.patch
file modified
+1 -1
0049-sd-sdhci-check-data-length-during-dma_memory_read.patch
file modified
+1 -1
0050-megasas-fix-guest-triggered-memory-leak.patch
file modified
+1 -1
0051-virtio-gpu-fix-resource-leak-in-virgl_cmd_resource_u.patch
file modified
+1 -1
0052-usb-ccid-check-ccid-apdu-length.patch
file modified
+1 -1
0053-sd-sdhci-check-transfer-mode-register-in-multi-block.patch
file modified
+1 -1
0054-eth-Extend-vlan-stripping-functions.patch
file modified
+2 -2
0055-NetRxPkt-Fix-memory-corruption-on-VLAN-header-stripp.patch
file modified
+1 -1
0056-NetRxPkt-Do-not-try-to-pull-more-data-than-present.patch
file modified
+1 -1
0057-NetRxPkt-Account-buffer-with-ETH-header-in-IOV-lengt.patch
file modified
+1 -1
0058-usb-ohci-limit-the-number-of-link-eds.patch
file modified
+1 -1
0059-display-cirrus-ignore-source-pitch-value-as-needed-i.patch
file modified
+1 -1
0060-cirrus-handle-negative-pitch-in-cirrus_invalidate_re.patch
file modified
+1 -1
0061-cirrus-allow-zero-source-pitch-in-pattern-fill-rops.patch
file modified
+1 -1
0062-cirrus-fix-blit-address-mask-handling.patch
file modified
+1 -1
0063-cirrus-fix-oob-access-issue-CVE-2017-2615.patch
file modified
+1 -1
0064-cirrus-fix-patterncopy-checks.patch
file modified
+1 -1
0065-Revert-cirrus-allow-zero-source-pitch-in-pattern-fil.patch
file modified
+1 -1
0066-cirrus-add-blit_is_unsafe-call-to-cirrus_bitblt_cput.patch
file modified
+1 -1
0067-egl-helpers-Support-newer-MESA-versions.patch
file modified
+1 -1
0068-char-drop-data-written-to-a-disconnected-pty.patch
file modified
+1 -1
0069-dma-rc4030-limit-interval-timer-reload-value.patch
file modified
+1 -1
0070-slirp-Make-RA-build-more-flexible.patch
file modified
+1 -1
0071-slirp-Send-RDNSS-in-RA-only-if-host-has-an-IPv6-DNS-.patch
file modified
+1 -1
0072-qxl-clear-guest_cursor-on-QXL_CURSOR_HIDE.patch
file modified
+1 -1
0073-serial-fix-memory-leak-in-serial-exit.patch
file modified
+1 -1
0074-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch
file added
+48
0075-cirrus-vnc-zap-bitblit-support-from-console-code.patch
file added
+269
0076-9pfs-fix-file-descriptor-leak.patch
file added
+46
0077-cirrus-fix-cirrus_invalidate_region.patch
file added
+37
0078-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch
file added
+616
0079-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch
file added
+441
0080-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch
file added
+34
0081-vmw_pvscsi-check-message-ring-page-count-at-initiali.patch
file added
+30
0082-audio-release-capture-buffers.patch
file added
+35
0083-input-limit-kbd-queue-depth.patch
file added
+87
0084-scsi-avoid-an-off-by-one-error-in-megasas_mmio_write.patch
file added
+42
0085-virtio-gpu-fix-memory-leak-in-set-scanout.patch
file added
+33
0086-net-e1000e-fix-an-infinite-loop-issue.patch
file added
+41
0087-usb-ohci-fix-error-return-code-in-servicing-iso-td.patch
file added
+28
0088-usb-ehci-fix-memory-leak-in-ehci.patch
file added
+75
0089-usb-redir-fix-stack-overflow-in-usbredir_log_data.patch
file added
+47
qemu.spec
file modified
+57 -1 
    CVE-2017-7718: cirrus: OOB read access issue (bz #1443443)
    CVE-2016-9603: cirrus: heap buffer overflow via vnc connection (bz #1432040)
    CVE-2017-7377: 9pfs: fix file descriptor leak (bz #1437872)
    CVE-2017-7980: cirrus: OOB r/w access issues in bitblt (bz #1444372)
    CVE-2017-8112: vmw_pvscsi: infinite loop in pvscsi_log2 (bz #1445622)
    CVE-2017-8309: audio: host memory lekage via capture buffer (bz #1446520)
    CVE-2017-8379: input: host memory lekage via keyboard events (bz #1446560)
    CVE-2017-8380: scsi: megasas: out-of-bounds read in megasas_mmio_write (bz #1446578)
    CVE-2017-9060: virtio-gpu: host memory leakage in Virtio GPU device (bz #1452598)
    CVE-2017-9310: net: infinite loop in e1000e NIC emulation (bz #1452623)
    CVE-2017-9330: usb: ohci: infinite loop due to incorrect return value (bz #1457699)
    CVE-2017-9374: usb: ehci host memory leakage during hotunplug (bz #1459137)
    CVE-2017-10806: usb-redirect: stack buffer overflow in debug logging (bz #1468497)
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+2 -2
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+2 -2
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+2 -2
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+2 -2
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+2 -2
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file modified
+1 -1
file added
+48
file added
+269
file added
+46
file added
+37
file added
+616
file added
+441
file added
+34
file added
+30
file added
+35
file added
+87
file added
+42
file added
+33
file added
+41
file added
+28
file added
+75
file added
+47
file modified
+57 -1
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.