Hello all, Thank you Philippe for looping me in.
On Monday, 13 July, 2020, 1:46:45 pm IST, Philippe Mathieu-Daudé <[email protected]> wrote: 7/11/20 2:28 PM, 林奕帆 wrote: > I am a student from Fudan University in China. I am doing research on > CVE patch recently. But i can not find the PATCH COMMIT of > CVE-2019-12247 cve-2019-12155 cve-2019-6778.Can you give me the commit > fix this cve? CVE-2019-12155 QEMU: qxl: null pointer dereference while releasing spice resources -> https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99 -> https://www.openwall.com/lists/oss-security/2019/05/22/1 CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu() -> https://www.openwall.com/lists/oss-security/2019/01/24/5 -> https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html This slirp patch is merged upstream. IIRC, after its merger SLiRP code moved into a new repository will have to dig through git logs/history to find patch link/URL. CVE-2019-12247 QEMU: qemu-guest-agent: integer overflow while running guest-exec command -> https://www.openwall.com/lists/oss-security/2019/05/22/4 -> https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html @Michael: Looks like 'CVE-2019-12247' patch above was not merged...? Any idea? Thank you. --- -P J P
