Re: [Qemu-devel] [PATCH] e1000: Discard oversized packets based on SBP|LPE

[Michael Tokarev]

18.12.2012 21:34, Michael Contreras пишет:
> On Tue, Dec 18, 2012 at 05:49:16PM +0100, Stefan Hajnoczi wrote:
> > On Tue, Dec 18, 2012 at 5:20 PM, Michael Tokarev <address@hidden> wrote:
> > > On 18.12.2012 17:44, Stefan Hajnoczi wrote:
> > > > On Wed, Dec 05, 2012 at 01:31:30PM -0500, Michael Contreras wrote:
> > > > > Discard packets longer than 16384 when !SBP to match the hardware behavior.
> > > > >
> > > > > Signed-off-by: Michael Contreras <address@hidden>
> > > > > ---
> > > > >   hw/e1000.c | 7 +++++--
> > > > >   1 file changed, 5 insertions(+), 2 deletions(-)
> > >
> > > It looks like another very good candidate for -stable (up to quite some
> > > releases of qemu ago), together with the previous similar patch.
> >
> > Yes, it's good for -stable.
> >
> > Stefan
>
> Thanks guys. Any update on the CVE number? Seems the KVM qemu git tree
> still has this vulnerability. Xen has the fix in their qemu unstable
> git mirror, but hasn't applied it yet either.

This issue has been assigned CVE-2012-6075.

qemu-kvm does not exist anymore, it is just an internal development
tree for qemu, sort of like a subsystem tree - there will be no
more qemu-kvm releases.

So we care only about qemu (main, older versions, incl. 0.12 and 0.15,
are also affected), old qemu-kvm, and xen.  CC'ing afaerber for 0.15.

Thank you!

/mjt