[Buildroot] [PATCH] spice: add upstream security fixes for CVE-2017-7506
Peter Korsgaard
peter at korsgaard.com
Fri Jul 14 19:41:54 UTC 2017
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni at free-electrons.com> writes:
> Hello,
> On Fri, 14 Jul 2017 16:02:03 +0200, Peter Korsgaard wrote:
>> Fixes CVE-2017-7506 - Possible buffer overflow via invalid monitor
>> configurations.
>>
>> For more details, see:
>> https://marc.info/?l=oss-security&m=150001782924095
>>
>> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
>> ---
>> ...nect-when-receiving-overly-big-ClientMoni.patch | 75 ++++++++++++++++++++++
>> ...integer-overflows-handling-monitor-config.patch | 31 +++++++++
>> ...buffer-overflows-handling-monitor-configu.patch | 48 ++++++++++++++
>> 3 files changed, 154 insertions(+)
>> create mode 100644 package/spice/0004-reds-Disconnect-when-receiving-overly-big-ClientMoni.patch
>> create mode 100644 package/spice/0005-reds-Avoid-integer-overflows-handling-monitor-config.patch
>> create mode 100644 package/spice/0006-reds-Avoid-buffer-overflows-handling-monitor-configu.patch
> Applied to master, thanks. However, you forgot to use "git format-patch
> -N" to generate the patches, so I removed the numbering from the patch
> titles.
Crap, indeed :/ Sorry, and thanks for fixing it!
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list