Re: [PATCH for-5.0?] slirp: update to fix CVE-2020-1983

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH for-5.0?] slirp: update to fix CVE-2020-1983

From:	Peter Maydell
Subject:	Re: [PATCH for-5.0?] slirp: update to fix CVE-2020-1983
Date:	Wed, 22 Apr 2020 13:47:49 +0100

On Tue, 21 Apr 2020 at 20:19, Peter Maydell <address@hidden> wrote:
>
> On Tue, 21 Apr 2020 at 18:03, Marc-André Lureau
> <address@hidden> wrote:
> >
> > This is an update on the stable-4.2 branch of libslirp.git:
> >
> > git shortlog 55ab21c9a3..2faae0f778f81
> >
> > Marc-André Lureau (1):
> >       Fix use-afte-free in ip_reass() (CVE-2020-1983)
> >
> > CVE-2020-1983 is actually a follow up fix for commit
> > 126c04acbabd7ad32c2b018fe10dfac2a3bc1210 ("Fix heap overflow in
> > ip_reass on big packet input") which was was included in qemu
> > v4.1 (commit e1a4a24d262ba5ac74ea1795adb3ab1cd574c7fb "slirp: update
> > with CVE-2019-14378 fix").
> >
> > Signed-off-by: Marc-André Lureau <address@hidden>
>
> Hi; thanks for putting together this stable-branch update.
> I've run it through my test setup and it's fine; I'm just
> going to wait a little until I push it to master just in case
> anybody wants to speak up with an opinion/objection.
> I'll do that tomorrow afternoon UK time and then tag rc4.

Now applied to master, thanks.

-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH for-5.0?] slirp: update to fix CVE-2020-1983, Marc-André Lureau, 2020/04/21
- Re: [PATCH for-5.0?] slirp: update to fix CVE-2020-1983, Peter Maydell, 2020/04/21
  - Re: [PATCH for-5.0?] slirp: update to fix CVE-2020-1983, Peter Maydell <=

Prev by Date: [PATCH for-5.0?] target/arm: Fix ID_MMFR4 value on AArch64 'max' CPU
Next by Date: Re: [PATCH for-5.0?] target/arm: Fix ID_MMFR4 value on AArch64 'max' CPU
Previous by thread: Re: [PATCH for-5.0?] slirp: update to fix CVE-2020-1983
Next by thread: [PATCH] fuzz: select fuzz target using executable name
Index(es):
- Date
- Thread