Still waiting on Red Hat's security team to decide if these get CVE designations, but at this point, we consider the impact to be low enough severity (easy to avoid if your server rejects malicious clients by the use of TLS) and related enough that there is no longer any need to embargo the second one.
I'll wait a bit longer to apply, to provide time to update the subject lines according to whether we get CVEs assigned.

Eric Blake (2):
  server: Fix off-by-one for maximum block_status length [CVE-XXX]
  blocksize: Fix 32-bit overflow in .extents [CVE-XXXX]

 tests/Makefile.am                        |  4 ++
 server/protocol.c                        |  2 +-
 filters/blocksize/blocksize.c            |  5 +-
 tests/test-blocksize-extents-overflow.sh | 83 ++++++++++++++++++++++++
 tests/test-eval-extents.sh               | 71 ++++++++++++++++++++
 5 files changed, 162 insertions(+), 3 deletions(-)
 create mode 100755 tests/test-blocksize-extents-overflow.sh
 create mode 100755 tests/test-eval-extents.sh

--
2.49.0