[Secure-testing-team] Bug#765496: CVE-2014-3689: insufficient parameter validation in vmware_vga rectangle functions
Michael Tokarev
mjt at tls.msk.ru
Wed Oct 15 16:17:53 UTC 2014
Package: qemu-system-x86
Version: 2.1+dfsg-5
Severity: normal
Tags: security upstream patch
CVE-2014-3689 has been reported agaist qemu vmware-vga device.
I think the priority of this isn't high because the device
isn't used widely, if not only for compatibility for "upgrading"
from vmware host. Yet still, some people might be using it
thinking it is more efficient than other options.
Upstream fix, thread:
http://thread.gmane.org/gmane.comp.emulators.qemu/301713
/mjt
More information about the Secure-testing-team
mailing list