[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2 07/11] chardev: Let IOReadHandler use unsigne
From: |
Richard Purdie |
Subject: |
Re: [Qemu-devel] [PATCH v2 07/11] chardev: Let IOReadHandler use unsigned type |
Date: |
Fri, 22 Jan 2021 15:25:06 +0000 |
User-agent: |
Evolution 3.38.1-1 |
On Fri, 2021-01-22 at 14:55 +0100, Philippe Mathieu-Daudé wrote:
> Hi Prasad, Richard.
>
> On 1/22/21 12:52 PM, P J P wrote:
> > +-- On Fri, 22 Jan 2021, Richard Purdie wrote --+
> > > If so can anyone point me at that change?
> > >
> > > I ask since CVE-2018-18438 is marked as affecting all qemu versions
> > > (https://nvd.nist.gov/vuln/detail/CVE-2018-18438).
> > >
> > > If it was fixed, the version mask could be updated. If the fix wasn't
> > > deemed
> > > worthwhile for some reason that is also fine and I can mark this one as
> > > such
> > > in our system. I'm being told we only need one of the patches in this
> > > series
> > > which I also don't believe as I suspect we either need the set or none of
> > > them!
> > >
> > > Any info would be most welcome.
> >
> > -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02239.html
> > -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02231.html
> >
> > * Yes, the type change fix had come up during patch reviews above, and this
> > series implemented the change.
> >
> > * Series is required IIUC, didn't realise it's not merged.
>
> Audit from Marc-André pointed that this is unlikely, we asked the
> reporter for a reproducer and got not news, and eventually closed
> this as NOTABUG (not even WONTFIX):
> https://bugzilla.redhat.com/show_bug.cgi?id=1609015
I guessed there some resolution like this but couldn't find it thanks
for the pointer. It's now clear in the archives and I can handle
appropriately rejecting carrying those patches, thanks!
Cheers,
Richard