Hi, It looks very much like the vulnerability was introduced in a71c775b24ebc664129eb1d9b4c360590353efd5[0] which is not present prior 2.12.50.
I'd appreciate if a second pair of eyes could double check before I update the tracker for Jessie and Stretch. (scsi_handle_inquiry_reply was introduced in 0a96ca2437646bad197b0108c5f4a93e7ead05a9[1]. thanks! cheers, Hugo [0] https://git.qemu.org/?p=qemu.git;a=commit;h=a71c775b24ebc664129eb1d9b4c360590353efd5 [1] https://git.qemu.org/?p=qemu.git;a=commit;h=0a96ca2437646bad197b0108c5f4a93e7ead05a9 -- Hugo Lefeuvre (hle) | www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
signature.asc
Description: PGP signature