From patchwork Fri Feb 10 22:13:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Young X-Patchwork-Id: 9567559 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 029C4601EA for ; Fri, 10 Feb 2017 22:18:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E3BFC285DE for ; Fri, 10 Feb 2017 22:18:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D8D1E285E3; Fri, 10 Feb 2017 22:18:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 398D3285DE for ; Fri, 10 Feb 2017 22:18:19 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ccJTV-0001wj-AC; Fri, 10 Feb 2017 22:15:29 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ccJTU-0001wd-16 for xen-devel@lists.xen.org; Fri, 10 Feb 2017 22:15:28 +0000 Received: from [85.158.143.35] by server-6.bemta-6.messagelabs.com id 88/4F-15112-F7B3E985; Fri, 10 Feb 2017 22:15:27 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrJIsWRWlGSWpSXmKPExsXS+OoHk26d9bw Ig1N/VCzuXDjIarHk42IWByaPo7t/M3mcvjWLLYApijUzLym/IoE149dSj4L9rBWfvs5mamDc ztLFyMUhJLCXUaLj21YmCGcRo8SdCSuBHE4OFgFViaYPa9lBbDYBHYm7DeuAOjg4JAQUJNo7M kHCIgJ6EhdfdjOBhJkFZCXWz68ECQsLpEk8ePCHFcTmFDCXWH/6DAuIzStgK3Hg5kwwW0jATG LL829gtqiAtsSs/ulMEDWCEidnPgGLMwtYS+yaPZUVYqu2xLlLRSBhEPNd11u2CYwCs5B0zEL SsYCRaRWjRnFqUVlqka6RkV5SUWZ6RkluYmaOrqGBmV5uanFxYnpqTmJSsV5yfu4mRmBQMgDB DsY18wMPMUpyMCmJ8j7jnBchxJeUn1KZkVicEV9UmpNafIhRg4ND4MrBI7MZpVjy8vNSlSR4X 1kC1QkWpaanVqRl5gDjBqZUgoNHSYS3ByTNW1yQmFucmQ6ROsWoy3Hq04WXTEJgM6TEeTmsgI oEQIoySvPgRsBi+BKjrJQwLyPQgUI8BalFuZklqPKvGMU5GJWEeX+DrOLJzCuB2/QK6AgmoCN cH8wFOaIkESEl1cBY6iptrLzfJpXTuciOraO023lXu9FRvzWtO8rU72SzRviXTjeI2yG397Bm 7i0Fwx9njn5eEmGe55K2f7b5/wXCT/xVf/ubCjm4+072y+m857Lh8um6tTcjFKRVjBTfulfMf fUhou4r222+xyKSYgxmSWvDTi6v+268ucbusS7H7kNb3dWOnFdiKc5INNRiLipOBAD4czX43A IAAA== X-Env-Sender: m.a.young@durham.ac.uk X-Msg-Ref: server-3.tower-21.messagelabs.com!1486764926!56610365!1 X-Originating-IP: [129.234.248.2] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogMTI5LjIzNC4yNDguMiA9PiA5ODA1MA==\n X-StarScan-Received: X-StarScan-Version: 9.2.3; banners=-,-,- X-VirusChecked: Checked Received: (qmail 59886 invoked from network); 10 Feb 2017 22:15:26 -0000 Received: from hermes2.dur.ac.uk (HELO hermes2.dur.ac.uk) (129.234.248.2) by server-3.tower-21.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 10 Feb 2017 22:15:26 -0000 Received: from CISVIRHUB01.mds.ad.dur.ac.uk (cisvirhub01.mds.ad.dur.ac.uk [10.234.250.42]) by hermes2.dur.ac.uk (8.14.4/8.14.4) with ESMTP id v1AMFCAS009924; Fri, 10 Feb 2017 22:15:16 GMT Received: from austen3.home (109.155.216.92) by smtp.dur.ac.uk (129.234.251.207) with Microsoft SMTP Server (TLS) id 14.3.294.0; Fri, 10 Feb 2017 22:15:12 +0000 Date: Fri, 10 Feb 2017 22:13:09 +0000 From: Michael Young X-X-Sender: michael@austen3.home To: "Xen.org security team" In-Reply-To: Message-ID: References: User-Agent: Alpine 2.20 (LFD 67 2015-01-07) MIME-Version: 1.0 X-DurhamAcUk-MailScanner-ID: v1AMFCAS009924 X-DurhamAcUk-MailScanner: Found to be clean Cc: xen-devel@lists.xen.org Subject: Re: [Xen-devel] Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP On Fri, 10 Feb 2017, Xen.org security team wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Xen Security Advisory CVE-2017-2615 / XSA-208 > > oob access in cirrus bitblt copy The qemu-xen-traditional patch is malformed, as the file it tries to patch is at the xen-qemu location and the before and after line counts are wrong, so https://lists.xen.org/xen-devel --- a/hw/display/cirrus_vga.c +++ b/hw/display/cirrus_vga.c @@ -307,11 +307,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s, should be (if I have got the offset right) --- a/hw/cirrus_vga.c +++ b/hw/cirrus_vga.c @@ -308,10 +308,9 @@ static bool blit_region_is_unsafe(struct CirrusVGAState *s, Michael Young _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org