Bug#699396: CVE-2013-0241 - qxl: synchronous io guest DoS

2013-02-05 Thread Liang Guo
Hi, Luciano, 
On Thu, Jan 31, 2013 at 12:10:16AM +0100, Luciano Bello wrote:
> Package: xserver-xorg-video-qxl
> Severity: grave
> Tags: security patch
> Justification: user security hole
>
> Hi there,
>    Take a look at http://seclists.org/oss-sec/2013/q1/204
>    Please use CVE-2013-0241 to refer to this issue.
>    The Debian package in unstable looks affected. Can you check if stable or
> testing are affected too?

I checked the patch; it modifies the following functions:

  qxl_handle_oom
  qxl_allocnf
  setup_slot
  qxl_surface_cache_create_primary
  download_box

qxl_allocnf exists in qxl 0.0.12, but it does not use the ioport_write
function; the other functions don't exist in qxl 0.0.12.

Could you please check whether this bug affects qxl in squeeze?

Thanks and Regards,
--
Liang Guo
http://bluestone.cublog.cn




Bug#699396: CVE-2013-0241 - qxl: synchronous io guest DoS

2013-01-31 Thread Liang Guo
Hi, 

On Thu, Jan 31, 2013 at 12:10:16AM +0100, Luciano Bello wrote:
> Package: xserver-xorg-video-qxl
> Severity: grave
> Tags: security patch
> Justification: user security hole
>
> Hi there,
>    Take a look at http://seclists.org/oss-sec/2013/q1/204
>    Please use CVE-2013-0241 to refer to this issue.
>    The Debian package in unstable looks affected. Can you check if stable or
> testing are affected too?
>
> Cheers,
> luciano

Would you like to check whether xserver-xorg-video-qxl 0.0.17 is
affected?

According to http://seclists.org/oss-sec/2013/q1/204, this
bug is fixed in commit 30b4b72cdbdf9f0e92a8d1c4e01779f60f15a741, 
which is included in 0.0.17.

I'm backporting this patch to 0.0.12; I'll let you know when
it is ready.

Thanks and Regards,
--
Liang Guo
http://bluestone.cublog.cn




Bug#699396: CVE-2013-0241 - qxl: synchronous io guest DoS

2013-01-30 Thread Luciano Bello
Package: xserver-xorg-video-qxl
Severity: grave
Tags: security patch
Justification: user security hole

Hi there,
   Take a look at http://seclists.org/oss-sec/2013/q1/204
   Please use CVE-2013-0241 to refer to this issue.
   The Debian package in unstable looks affected. Can you check if stable or
testing are affected too?

Cheers,
luciano

