qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL for-2.3 0/2] vnc: fix websocket security issues (cve-


From: Gerd Hoffmann
Subject: [Qemu-devel] [PULL for-2.3 0/2] vnc: fix websocket security issues (cve-2015-1779).
Date: Wed, 1 Apr 2015 16:11:13 +0200

  Hi,

$subject says all, here are the cve-2015-1779 fixes for vnc websockets
from Daniel P. Berrange for 2.3-rc2.

please pull,
  Gerd

The following changes since commit 054903a832b865eb5432d79b5c9d1e1ff31b58d7:

  Update version for v2.3.0-rc1 release (2015-03-24 16:34:16 +0000)

are available in the git repository at:

  git://git.kraxel.org/qemu tags/pull-cve-2015-1779-20150401-1

for you to fetch changes up to 9cf222fd4fd3f4d1f959685c061279d0673726cd:

  CVE-2015-1779: limit size of HTTP headers from websockets clients (2015-04-01 
15:48:52 +0200)

----------------------------------------------------------------
vnc: fix websocket security issues (cve-2015-1779).

----------------------------------------------------------------
Daniel P. Berrange (2):
      CVE-2015-1779: incrementally decode websocket frames
      CVE-2015-1779: limit size of HTTP headers from websockets clients

 ui/vnc-ws.c | 115 +++++++++++++++++++++++++++++++++++++++++-------------------
 ui/vnc-ws.h |   9 +++--
 ui/vnc.h    |   2 ++
 3 files changed, 88 insertions(+), 38 deletions(-)



reply via email to

[Prev in Thread] Current Thread [Next in Thread]