On 10/03/2022 18.53, Jon Maloy wrote:
On 3/10/22 12:14, Thomas Huth wrote:
On 06/02/2022 20.19, Jon Maloy wrote:
Trying again with correct email address.
///jon
On 2/6/22 14:15, Jon Maloy wrote:
On 1/27/22 15:14, Jon Maloy wrote:
On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:
Trivial fix for CVE-2021-3507.
Philippe Mathieu-Daudé (2):
  hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
  tests/qtest/fdc-test: Add a regression test for CVE-2021-3507

 hw/block/fdc.c         |  8 ++++++++
 tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
 2 files changed, 28 insertions(+)
Series
Acked-by: Jon Maloy <jma...@redhat.com>
Philippe,
I hear from other sources that you have earlier qualified this one as
"incomplete".
I am of course aware that this one, just like my own patch, is just a
mitigation and not a complete correction of the erroneous calculation.
Or did you have anything else in mind?
Any news on this one? It would be nice to get the CVE fixed for 7.0?
Thomas
The ball is currently with John Snow, as I understand it.
The concern is that this fix may not take the driver back to a consistent
state, so that we may have other problems later.
Maybe Philippe can chip in with a comment here?
John, Philippe, any ideas how to move this forward?
Thomas