guix/gnu/packages/patches/qemu-CVE-2017-10806.patch
Alex Vong f152208b0d
gnu: qemu: Fix CVE-2017-{10664,10806,10911,11434}.
* gnu/packages/patches/qemu-CVE-2017-10664.patch,
gnu/packages/patches/qemu-CVE-2017-10806.patch,
gnu/packages/patches/qemu-CVE-2017-10911.patch,
gnu/packages/patches/qemu-CVE-2017-11434.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/virtualization.scm (qemu)[source]: Use them.

Signed-off-by: Marius Bakke <mbakke@fastmail.com>
2017-08-13 18:28:27 +02:00

38 lines
1.1 KiB
Diff

Fix CVE-2017-10806:
https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html
https://bugzilla.redhat.com/show_bug.cgi?id=1468496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806
https://security-tracker.debian.org/tracker/CVE-2017-10806
Patch copied from upstream source repository:
https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bd4a683505b27adc1ac809f71e918e58573d851d
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index b001a27f05..ad5ef783a6 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
const uint8_t *data, int len)
{
- int i, j, n;
-
if (dev->debug < usbredirparser_debug_data) {
return;
}
-
- for (i = 0; i < len; i += j) {
- char buf[128];
-
- n = sprintf(buf, "%s", desc);
- for (j = 0; j < 8 && i + j < len; j++) {
- n += sprintf(buf + n, " %02X", data[i + j]);
- }
- error_report("%s", buf);
- }
+ qemu_hexdump((char *)data, stderr, desc, len);
}
/*