Re: [Xen-devel] Xen Security Advisory 140 - QEMU leak of uninitialized heap memory in rtl8139 device model

[Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>]

Yuriy Kohut writes ("Re: Xen Security Advisory 140 - QEMU leak of uninitialized 
heap memory in rtl8139 device model"):
> Please find attached patches for the 'Qemu-dm 3.4 stable branchâ 
> (git://xenbits.xen.org/qemu-xen-3.4-testing.git):
> 
> # sha256sum xsa140-qemut-3.4-?.patch
> a6f614aea18f5ebf37b7d462c9190d7b9426a7b2ca304f314d05b8a328c9f831  
> xsa140-qemut-3.4-1.patch
> dd3f90a407f83fdaf7efa42a5aabcc479ad88a0bc8b98d31f1809dfe81543186  
> xsa140-qemut-3.4-2.patch
> b091a84fe888362a1501faf8aa546d2b8816e0ce6e197d8da9cd0bafc0e26dbb  
> xsa140-qemut-3.4-3.patch
> 454e6d0d6fe464c7a696c168ca5218fbd5d496eab1f5565bc02e391997b02a3d  
> xsa140-qemut-3.4-4.patch
> def8a6a33bddd77518b9ba2f8f16b2ac4ff962c34f24a94173e41b5a82adf68a  
> xsa140-qemut-3.4-5.patch
> c599838dfea5aa50eed8bc2ca373734a6ef4529738aa1d056637625d04d35875  
> xsa140-qemut-3.4-6.patch
> 6d2efbd7b492355160f38a61e0a83c5fb5be86e2a4c953cc2f4e05a2dda7001e  
> xsa140-qemut-3.4-7.patch

Hi.  Thanks a lot for this.

We (Xen maintainers) intend to handle these by applying this (as a
bugfix) to xen.git#staging, which is the 4.6 release prep branch.
They apply with some minor line offsets.  We'll then feed that into
our maintained stable branches in the usual way, and update the
advisory.

Yuriy, can I have your Signed-off-by for the backport work, in
accordance with
  
http://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches#Signing_off_a_patch
?

If so I will repost this as a formal patch series.

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel