Quoting Thomas Huth (2019-10-01 23:40:49) > On 02/10/2019 01.44, Michael Roth wrote: > > Hi everyone, > > > > > > The following new patches are queued for QEMU stable v4.0.1: > > > > https://github.com/mdroth/qemu/commits/stable-4.0-staging > > > > The release is planned for 2019-10-17: > > > > https://wiki.qemu.org/Planning/4.0 > > > > Please respond here or CC qemu-sta...@nongnu.org on any patches you > > think should be included in the release. > > > Would it make sense to include the slirp update: > > e1a4a24d262ba5ac74ea1795adb3ab1cd574c7fb > "slirp: update with CVE-2019-14378 fix"
4.0 hadn't yet moved to using slirp submodule, but the following patches are included here and should provide the equivalent fixes: slirp: ip_reass: Fix use after free slirp: Fix heap overflow in ip_reass on big packet input > > ? > > And maybe these commits: > > 22235bb609c18547cf6b215bad1f9d2ec56ad371 > "pc-dimm: fix crash when invalid slot number is used" > > 95667c3be0c9f5fc62f58fe845879250f63f7d32 > "nvme: Set number of queues later in nvme_init()" > > c0bccee9b40ec58c9d165b406ae3d4f63652ce53 > "hw/ssi/mss-spi: Avoid crash when reading empty RX FIFO" > > a09ef5040477643a7026703199d8781fe048d3a8 > "hw/display/xlnx_dp: Avoid crash when reading empty RX FIFO" Applied, thanks! > > Thomas >