[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH for-2.9] nbd/client: fix drop_sync [CVE-2017-263

From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH for-2.9] nbd/client: fix drop_sync [CVE-2017-2630]
Date: Tue, 7 Mar 2017 09:15:34 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0

On 03/06/2017 04:30 PM, Eric Blake wrote:
> From: Vladimir Sementsov-Ogievskiy <address@hidden>
> Comparison symbol is misused. It may lead to memory corruption.
> Introduced in commit 7d3123e.
> Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
> Message-Id: <address@hidden>
> [eblake: add CVE details]
> Signed-off-by: Eric Blake <address@hidden>
> Reviewed-by: Marc-André Lureau <address@hidden>

Blergh. This R-b isn't correct.

Sending v2 with fixed attributions, and with >= instead of >.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]