Am 23.03.2022 um 03:25 hat John Snow geschrieben: > On Fri, Mar 18, 2022 at 2:50 PM Thomas Huth <th...@redhat.com> wrote: > > > > On 10/03/2022 18.53, Jon Maloy wrote: > > > > > > On 3/10/22 12:14, Thomas Huth wrote: > > >> On 06/02/2022 20.19, Jon Maloy wrote: > > >>> Trying again with correct email address. > > >>> ///jon > > >>> > > >>> On 2/6/22 14:15, Jon Maloy wrote: > > >>>> > > >>>> > > >>>> On 1/27/22 15:14, Jon Maloy wrote: > > >>>>> > > >>>>> On 11/18/21 06:57, Philippe Mathieu-Daudé wrote: > > >>>>>> Trivial fix for CVE-2021-3507. > > >>>>>> > > >>>>>> Philippe Mathieu-Daudé (2): > > >>>>>> hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507) > > >>>>>> tests/qtest/fdc-test: Add a regression test for CVE-2021-3507 > > >>>>>> > > >>>>>> hw/block/fdc.c | 8 ++++++++ > > >>>>>> tests/qtest/fdc-test.c | 20 ++++++++++++++++++++ > > >>>>>> 2 files changed, 28 insertions(+) > > >>>>>> > > >>>>> Series > > >>>>> Acked-by: Jon Maloy <jma...@redhat.com> > > >>>> > > >>>> Philippe, > > >>>> I hear from other sources that you earlier have qualified this one as > > >>>> "incomplete". > > >>>> I am of course aware that this one, just like my own patch, is just a > > >>>> mitigation and not a complete correction of the erroneous calculation. > > >>>> Or did you have anything else in mind? > > >> > > >> Any news on this one? It would be nice to get the CVE fixed for 7.0 ? > > >> > > >> Thomas > > >> > > > The ball is currently with John Snow, as I understand it. > > > The concern is that this fix may not take the driver back to a consistent > > > state, so that we may have other problems later. > > > Maybe Philippe can chip in with a comment here? > > > > John, Philippe, any ideas how to move this forward? > > > > Thomas > > > > The ball is indeed in my court. I need to audit this properly and get > the patch re-applied, and get tests passing. > > As a personal favor: Could you please ping me on IRC tomorrow about > this? (Well, later today, for you.)
Going through old patches... Is this one still open? Kevin