Hi Prasad, Richard. On 1/22/21 12:52 PM, P J P wrote: > +-- On Fri, 22 Jan 2021, Richard Purdie wrote --+ > | If so can anyone point me at that change? > | > | I ask since CVE-2018-18438 is marked as affecting all qemu versions > | (https://nvd.nist.gov/vuln/detail/CVE-2018-18438). > | > | If it was fixed, the version mask could be updated. If the fix wasn't > deemed > | worthwhile for some reason that is also fine and I can mark this one as > such > | in our system. I'm being told we only need one of the patches in this > series > | which I also don't believe as I suspect we either need the set or none of > | them! > | > | Any info would be most welcome. > > -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02239.html > -> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02231.html > > * Yes, the type change fix had come up during patch reviews above, and this > series implemented the change. > > * Series is required IIUC, didn't realise it's not merged.
Audit from Marc-André pointed that this is unlikely, we asked the reporter for a reproducer and got not news, and eventually closed this as NOTABUG (not even WONTFIX): https://bugzilla.redhat.com/show_bug.cgi?id=1609015 Regards, Phil.
