[Secure-testing-team] Bug#646118: CVE-2011-3346: buffer overflow in scsi subsystem
Michael Tokarev
mjt at tls.msk.ru
Fri Oct 21 14:54:09 UTC 2011
Package: qemu-kvm
Version: 0.12.5+dfsg-5+squeeze6
Severity: important
Tags: security upstream patch
CVE-2011-3346 flaw, as described in https://bugzilla.redhat.com/show_bug.cgi?id=736038,
also affects qemu-kvm, as shipped in squeeze, testing/unstable and experimental.
The patch to fix this issue is available at:
http://repo.or.cz/w/qemu.git/commit/7285477ab11831b1cf56e45878a89170dd06d9b9
http://repo.or.cz/w/qemu.git/commit/103b40f51e4012b3b0ad20f615562a1806d7f49a
but both requires some backporting work (which I'm doing currently).
/mjt
More information about the Secure-testing-team
mailing list