On Tue, 21 Apr 2020 at 18:03, Marc-André Lureau <marcandre.lur...@redhat.com> wrote: > > This is an update on the stable-4.2 branch of libslirp.git: > > git shortlog 55ab21c9a3..2faae0f778f81 > > Marc-André Lureau (1): > Fix use-afte-free in ip_reass() (CVE-2020-1983) > > CVE-2020-1983 is actually a follow up fix for commit > 126c04acbabd7ad32c2b018fe10dfac2a3bc1210 ("Fix heap overflow in > ip_reass on big packet input") which was was included in qemu > v4.1 (commit e1a4a24d262ba5ac74ea1795adb3ab1cd574c7fb "slirp: update > with CVE-2019-14378 fix"). > > Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com>
Hi; thanks for putting together this stable-branch update. I've run it through my test setup and it's fine; I'm just going to wait a little until I push it to master just in case anybody wants to speak up with an opinion/objection. I'll do that tomorrow afternoon UK time and then tag rc4. thanks -- PMM