Hi, qemu 0.9.1-9 fixes a remote DoS, please find the diff below. Could you please unblock it?
Thanks, Aurelien diff -u qemu-0.9.1/debian/changelog qemu-0.9.1/debian/changelog --- qemu-0.9.1/debian/changelog +++ qemu-0.9.1/debian/changelog @@ -1,8 +1,15 @@ +qemu (0.9.1-9) unstable; urgency=low + + * debian/patches/94_security.patch: fix remote DoS via VNC + (CORE-2008-1210/CVE-2008-2382). + + -- Aurelien Jarno <[email protected]> Tue, 23 Dec 2008 15:06:11 +0100 + qemu (0.9.1-8) unstable; urgency=low * debian/patches: - cherry-pick from svn: 61_pseudotty.patch 62_fix-ptyblocking.patch - closes: #494831 + qemu is affected by #494831 too, these patches fix it here. -- Riku Voipio <[email protected]> Wed, 19 Nov 2008 23:21:43 +0200 diff -u qemu-0.9.1/debian/patches/series qemu-0.9.1/debian/patches/series --- qemu-0.9.1/debian/patches/series +++ qemu-0.9.1/debian/patches/series @@ -47,0 +48 @@ +95_security.patch --- qemu-0.9.1.orig/debian/patches/95_security.patch +++ qemu-0.9.1/debian/patches/95_security.patch @@ -0,0 +1,27 @@ +Properly handle the case of SetPixelEncodings with a length of zero. + +This commit addresses CORE-2008-1210/CVE-2008-2382. + +Signed-off-by: Anthony Liguori <[email protected]> + +diff --git a/vnc.c b/vnc.c +index 3a7d762..575fd68 100644 +--- a/vnc.c ++++ b/vnc.c +@@ -1503,10 +1503,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) + if (len == 1) + return 4; + +- if (len == 4) +- return 4 + (read_u16(data, 2) * 4); ++ if (len == 4) { ++ limit = read_u16(data, 2); ++ if (limit > 0) ++ return 4 + (limit * 4); ++ } else ++ limit = read_u16(data, 2); + +- limit = read_u16(data, 2); + for (i = 0; i < limit; i++) { + int32_t val = read_s32(data, 4 + (i * 4)); + memcpy(data + 4 + (i * 4), &val, sizeof(val)); -- .''`. Aurelien Jarno | GPG: 1024D/F1BCDB73 : :' : Debian developer | Electrical Engineer `. `' [email protected] | [email protected] `- people.debian.org/~aurel32 | www.aurel32.net
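Review bot: The new 0.9.1-9 entry in the debian/changelog hunk names debian/patches/94_security.patch, but the file this diff creates and adds to debian/patches/series is 95_security.patch, so the changelog should say 95_security.patch. The same entry keeps urgency=low for a change it describes as a remote DoS fix, which is worth reconsidering. The hunk also adds the #494831 text inside the already-uploaded 0.9.1-8 entry without mentioning that edit under 0.9.1-9.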
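Review bot: In the protocol_client_msg hunk carried by 95_security.patch, limit = read_u16(data, 2) is now assigned in both branches of the if/else. Reading it once before if (len == 4) and keeping only the limit > 0 test in front of return 4 + (limit * 4) would give the same behaviour without the duplicate assignment and without mixing a braced if with an unbraced else. The case the fix depends on, len == 4 with a count of zero falling through to a loop that runs zero times, is implicit in the code, so a one-line comment at that branch would help later readers.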

