[Pkg-xen-changes] r1136 - in branches/wheezy/xen/debian: . patches

Bastian Blank waldi at alioth.debian.org
Sat Jan 19 12:44:34 UTC 2013 

Author: waldi
Date: Sat Jan 19 12:44:33 2013
New Revision: 1136

Log:
* debian/changelog: Update.
* debian/patches/CVE-2012-5511: Mention CVE-2012-6333.

Modified:
   branches/wheezy/xen/debian/changelog
   branches/wheezy/xen/debian/patches/CVE-2012-5511

Modified: branches/wheezy/xen/debian/changelog
==============================================================================
--- branches/wheezy/xen/debian/changelog	Sat Jan 19 12:32:09 2013	(r1135)
+++ branches/wheezy/xen/debian/changelog	Sat Jan 19 12:44:33 2013	(r1136)
@@ -4,6 +4,8 @@
     CVE-2012-5634
   * Fix buffer overflow in qemu e1000 emulation.
     CVE-2012-6075
+  * Update patch, mention second CVE.
+    CVE-2012-5511, CVE-2012-6333
 
  -- Bastian Blank <waldi at debian.org>  Sat, 19 Jan 2013 13:04:21 +0100
 

Modified: branches/wheezy/xen/debian/patches/CVE-2012-5511
==============================================================================
--- branches/wheezy/xen/debian/patches/CVE-2012-5511	Sat Jan 19 12:32:09 2013	(r1135)
+++ branches/wheezy/xen/debian/patches/CVE-2012-5511	Sat Jan 19 12:44:33 2013	(r1136)
@@ -3,12 +3,12 @@
  ties up the physical processor. Integrating preemption into the p2m
  updates is hard so simply limit to 1GB which is sufficient for a 15000
  * 15000 * 32bpp framebuffer.
- x86/paging: Don't allocate user-controlled amounts of stack memory.
 From: Tim Deegan <tim at xen.org>
 From: Ian Campbell <ian.campbell at citrix.com>
 From: Jan Beulich <JBeulich at suse.com>
 Origin: upstream
 Id: CVE-2012-5511
+Id: CVE-2012-6333
 ---
 --- a/xen/arch/x86/hvm/hvm.c	Mon Nov 19 09:43:48 2012 +0100
 +++ b/xen/arch/x86/hvm/hvm.c	Mon Nov 19 16:00:33 2012 +0000
@@ -102,7 +102,7 @@
          rc = 0;
 --- a/xen/arch/x86/mm/paging.c	Mon Nov 19 09:43:48 2012 +0100
 +++ b/xen/arch/x86/mm/paging.c	Mon Nov 19 16:00:33 2012 +0000
-@@ -529,13 +529,18 @@ int paging_log_dirty_range(struct domain
+@@ -529,13 +529,19 @@ int paging_log_dirty_range(struct domain
  
      if ( !d->arch.paging.log_dirty.fault_count &&
           !d->arch.paging.log_dirty.dirty_count ) {
@@ -117,7 +117,8 @@
 -        if ( copy_to_guest_offset(dirty_bitmap, 0, (uint8_t *) zeroes,
 -                                  size * BYTES_PER_LONG) != 0 )
 -            rv = -EFAULT;
-+        for ( off = 0; !rv && off < size; off += sizeof zeroes )
++        off = 0;
++        while ( !rv && off < size )
 +        {
 +            int todo = min(size - off, (int) PAGE_SIZE);
 +            if ( copy_to_guest_offset(dirty_bitmap, off, zeroes, todo) )

More information about the Pkg-xen-changes mailing list