Bug#916278: qemu - CVE-2018-19665: bt subsystem mishandles negative length variables

2019-01-25 Thread Hugo Lefeuvre
> Anyways, given that the patch is quite large (though straightforward), that
> the subsystem doesn't seem to be very actively maintained and that the user
> base is quite small, it is maybe better to mark this no-dsa in stretch and
> jessie.

... but if we manage to trim down upstream's patch to

Bug#916278: qemu - CVE-2018-19665: bt subsystem mishandles negative length variables

2019-01-12 Thread Hugo Lefeuvre
Hi,

I had a look at CVE-2018-19665 regarding qemu in oldstable/stable.

summary: the bluetooth subsystem uses signed length variables at multiple places. These length variables are used, among others, in memcpy calls. A malicious guest VM could attempt to crash the host by passing negative len