[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL for-1.5] qemu-ga CVE-2013-2007 addenda
|
From: |
Michael Roth |
|
Subject: |
[Qemu-devel] [PULL for-1.5] qemu-ga CVE-2013-2007 addenda |
|
Date: |
Mon, 13 May 2013 10:08:21 -0500 |
Hi Anthony,
These are fix-ups for Laszlo's CVE-2013-2007 fix:
http://www.mail-archive.com/address@hidden/msg170944.html
The main effect is to avoid cluttering filesystems with empty files if
we hit an error path in the open/create/chmod path.
I'm unable to confirm whether or not these error paths can actually be
triggered in 1.5 or are just theoretical, but I plan to apply these to
1.4.2 to be sure and so I'm also submitting this for 1.5.
If you think it's too late in the cycle to warrant these for 1.5 I can
also cherry-pick them from my QGA tree for 1.4.2 instead.
The following changes since commit 38ebb396c955ceb2ef7e246248ceb7f8bfe1b774:
target-i386: ROR r8/r16 imm instruction fix (2013-05-10 19:59:54 +0200)
are available in the git repository at:
http://github.com/mdroth/qemu qga-pull-2013-05-13
for you to fetch changes up to 2b720018060179b394f8ce736983373ab80dd37c:
qga: unlink just created guest-file if fchmod() or fdopen() fails on it
(2013-05-13 09:45:49 -0500)
----------------------------------------------------------------
Laszlo Ersek (2):
qga: distinguish binary modes in "guest_file_open_modes" map
qga: unlink just created guest-file if fchmod() or fdopen() fails on it
qga/commands-posix.c | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
- [Qemu-devel] [PULL for-1.5] qemu-ga CVE-2013-2007 addenda,
Michael Roth <=