On 5 September 2014 12:21, Gerd Hoffmann <kraxel@xxxxxxxxxx> wrote: > Hi, > > So, as announced yesterday, here comes the CVE-2014-3615 pull request. > > please pull, > Gerd > > The following changes since commit 30eaca3acdf17d7bcbd1213eb149c02037edfb0b: > > Merge remote-tracking branch 'remotes/spice/tags/pull-spice-20140902-1' into staging (2014-09-02 10:26:10 +0100) > > are available in the git repository at: > > > git://git.kraxel.org/qemu tags/pull-cve-2014-3615-20140905-1 > > for you to fetch changes up to ab9509cceabef28071e41bdfa073083859c949a7: > > spice: make sure we don't overflow ssd->buf (2014-09-05 12:19:50 +0200) > > ---------------------------------------------------------------- > CVE-2014-3615: fix sanity checks in vbe (bochs dispi) and spice. > > ---------------------------------------------------------------- > Gerd Hoffmann (3): > vbe: make bochs dispi interface return the correct memory size with qxl > vbe: rework sanity checks > spice: make sure we don't overflow ssd->buf Applied, thanks. -- PMM _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel