[PATCH for-5.0?] slirp: update to fix CVE-2020-1983

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH for-5.0?] slirp: update to fix CVE-2020-1983

From:	Marc-André Lureau
Subject:	[PATCH for-5.0?] slirp: update to fix CVE-2020-1983
Date:	Tue, 21 Apr 2020 19:02:27 +0200

This is an update on the stable-4.2 branch of libslirp.git:

git shortlog 55ab21c9a3..2faae0f778f81

Marc-André Lureau (1):
      Fix use-afte-free in ip_reass() (CVE-2020-1983)

CVE-2020-1983 is actually a follow up fix for commit
126c04acbabd7ad32c2b018fe10dfac2a3bc1210 ("Fix heap overflow in
ip_reass on big packet input") which was was included in qemu
v4.1 (commit e1a4a24d262ba5ac74ea1795adb3ab1cd574c7fb "slirp: update
with CVE-2019-14378 fix").

Signed-off-by: Marc-André Lureau <address@hidden>
---
 slirp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/slirp b/slirp
index 55ab21c9a36..2faae0f778f 160000
--- a/slirp
+++ b/slirp
@@ -1 +1 @@
-Subproject commit 55ab21c9a36852915b81f1b41ebaf3b6509dd8ba
+Subproject commit 2faae0f778f818fadc873308f983289df697eb93
-- 
2.26.0.106.g9fadedd637

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH for-5.0?] slirp: update to fix CVE-2020-1983, Marc-André Lureau <=
- Re: [PATCH for-5.0?] slirp: update to fix CVE-2020-1983, Peter Maydell, 2020/04/21
  - Re: [PATCH for-5.0?] slirp: update to fix CVE-2020-1983, Peter Maydell, 2020/04/22

Prev by Date: Re: [PATCH v3 06/10] iotests: add testfinder.py
Next by Date: Re: [PATCH] tests/tcg: use EXTRA_RUNS to run gdbtests
Previous by thread: [PATCH 0/8] memory: Sanity checks memory transaction when releasing BQL
Next by thread: Re: [PATCH for-5.0?] slirp: update to fix CVE-2020-1983
Index(es):
- Date
- Thread