diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2017-12-20 12:26:01 +0100 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2017-12-27 23:32:26 +0100 |
| commit | 9aae9d93c01a7fdec3e414ed4b231f5538cd7b3e (patch) | |
| tree | 444c25099f3cd57f7f79bacd6896342f7ccf90cc /package/gnuplot/gnuplot.hash | |
| parent | 73531776dfac6669e077b8ee5c45ab85d57fae8d (diff) | |
| download | buildroot-9aae9d93c01a7fdec3e414ed4b231f5538cd7b3e.tar.gz buildroot-9aae9d93c01a7fdec3e414ed4b231f5538cd7b3e.zip | |
qemu: security bump to version 2.10.2
Fixes the following security issues:
CVE-2017-13672: QEMU (aka Quick Emulator), when built with the VGA display
emulator support, allows local guest OS privileged users to cause a denial
of service (out-of-bounds read and QEMU process crash) via vectors involving
display update.
CVE-2017-15118: Stack buffer overflow in NBD server triggered via long
export name
CVE-2017-15119: DoS via large option request
CVE-2017-15268: Qemu through 2.10.0 allows remote attackers to cause a
memory leak by triggering slow data-channel read operations, related to
io/channel-websock.c.
For more details, see the release announcement:
https://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg03618.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eb2b3df62666b0e2dc3042efdfecd7f62513bc9a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/gnuplot/gnuplot.hash')
0 files changed, 0 insertions, 0 deletions

