Commit 54f94e52 authored by Michael Tokarev's avatar Michael Tokarev

update changelog, upload 3.1+dfsg-4 to unstable

parent 072d15a5
qemu (1:3.1+dfsg-4) unstable; urgency=medium
* mention closing of #855043 by 3.1+dfsg-3
* disable pvrdma for now, it is a bit too buggy.
Besides several security holes there are many other bugs there as well,
and the amount of patches applied upstream after 3.1 release is large
(Closes, or really makes unimportant again: CVE-2018-20123 CVE-2018-20124
CVE-2018-20125 CVE-2018-20126 CVE-2018-20191 CVE-2018-20216)
-- Michael Tokarev <mjt@tls.msk.ru> Mon, 11 Feb 2019 14:00:09 +0300
qemu (1:3.1+dfsg-3) unstable; urgency=medium
[ Michael Tokarev ]
......
From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Date: Sat, 22 Dec 2018 11:50:30 +0200
Subject: pvrdma: release device resources in case of an error (CVE-2018-20123)
Bug-Debian: http://bugs.debian.org/916442
From: Prasad J Pandit <pjp@fedoraproject.org>
If during pvrdma device initialisation an error occurs,
pvrdma_realize() does not release memory resources, leading
to memory leakage.
Reported-by: Li Qiang <liq3ea@163.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20181212175817.815-1-ppandit@redhat.com>
Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
---
hw/rdma/vmw/pvrdma_main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
index 23dc9926e3..64de16fb52 100644
--- a/hw/rdma/vmw/pvrdma_main.c
+++ b/hw/rdma/vmw/pvrdma_main.c
@@ -573,7 +573,7 @@ static void pvrdma_shutdown_notifier(Notifier *n, void *opaque)
static void pvrdma_realize(PCIDevice *pdev, Error **errp)
{
- int rc;
+ int rc = 0;
PVRDMADev *dev = PVRDMA_DEV(pdev);
Object *memdev_root;
bool ram_shared = false;
@@ -649,6 +649,7 @@ static void pvrdma_realize(PCIDevice *pdev, Error **errp)
out:
if (rc) {
+ pvrdma_fini(pdev);
error_append_hint(errp, "Device fail to load\n");
}
}
--
2.17.1
......@@ -5,5 +5,4 @@ bt-use-size_t-type-for-length-parameters-instead-of-int-CVE-2018-19665.patch
hw_usb-fix-mistaken-de-initialization-of-CCID-state.patch
sparc64-timeval.tv_usec-is-int.patch
scsi-generic-avoid-possible-oob-access-to-r-buf-CVE-2019-6501.patch
pvrdma-release-device-resources-on-error-CVE-2018-20123.patch
slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment