On Fri, 2018-10-12 at 02:22 +0200, Philippe Mathieu-Daudé wrote: > The number of bytes can not be negative nor zero. > > Fixed 2 format string: > - hw/char/spapr_vty.c > - hw/usb/ccid-card-passthru.c > > Suggested-by: Paolo Bonzini <pbonz...@redhat.com> > Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com> > Acked-by: Alberto Garcia <be...@igalia.com>
Sorry to drag up an old patch series. As far as I can see this series was never applied. I suspect a better way of solving the issue may have been found? If so can anyone point me at that change? I ask since CVE-2018-18438 is marked as affecting all qemu versions (https://nvd.nist.gov/vuln/detail/CVE-2018-18438). If it was fixed, the version mask could be updated. If the fix wasn't deemed worthwhile for some reason that is also fine and I can mark this one as such in our system. I'm being told we only need one of the patches in this series which I also don't believe as I suspect we either need the set or none of them! Any info would be most welcome. Cheers, Richard