On 28.01.2012 03:04, Matt Kraai wrote:
> Hi,
> 
> I've attached a patch that should fix this problem to this message.
> It's based on the patch used to fix this problem in unstable, which
> doesn't apply cleanly to the stable version.  I wasn't sure what to do
> about the patch headers, so I left them unchanged.  Should I upload a
> fixed package somewhere?

See DSA 2396-1, which was issued about 5 hours ago.  The fixed
stable version is already available in the Debian security archives.

Also,

http://anonscm.debian.org/gitweb/?p=collab-maint/qemu-kvm.git;a=shortlog;h=refs/heads/squeeze

and in particular,

http://anonscm.debian.org/gitweb/?p=collab-maint/qemu-kvm.git;a=blob;f=debian/patches/e1000-bounds-packet-size-against-buffer-size-CVE-2012-0029.diff;h=91ab34c2ee49499706aedc70618139ccc9d95923;hb=59e1ee22261dbc793282f61c9ed12bfd56d7c056

The difference between the 1.0 and 0.12 versions is cpu_physical_memory_read,
which is used in 0.12, vs pci_dma_read() used in the later version, and a
13-line offset.

Thanks,

/mjt


