Skip to content

Nopatch qemu CVE-2016-7161 #152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dmcilvaney merged 2 commits into from
Sep 29, 2020
Merged

Nopatch qemu CVE-2016-7161 #152

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fc6ad94
Nopatch qemu CVE-2016-7161
dmcilvaney Sep 28, 2020
813ef2c
Address feedback
dmcilvaney Sep 29, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions SPECS/qemu-kvm/CVE-2016-7161.nopatch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated.
42 changes: 23 additions & 19 deletions SPECS/qemu-kvm/qemu-kvm.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,25 +1,27 @@
Summary: QEMU is a machine emulator and virtualizer
Name: qemu-kvm
Version: 4.2.0
Release: 11%{?dist}
License: GPLv2 and GPLv2+ and CC-BY and BSD
Group: Development/Tools
URL: https://www.qemu.org/
Source0: https://download.qemu.org/qemu-%{version}.tar.xz
Source1: 65-kvm.rules
Summary: QEMU is a machine emulator and virtualizer
Name: qemu-kvm
Version: 4.2.0
Release: 12%{?dist}
License: GPLv2 and GPLv2+ and CC-BY and BSD
Group: Development/Tools
URL: https://www.qemu.org/
Vendor: Microsoft Corporation
Distribution: Mariner
Source0: https://download.qemu.org/qemu-%{version}.tar.xz
Source1: 65-kvm.rules
# https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850
Patch0: CVE-2020-11102.patch
Patch0: CVE-2020-11102.patch
# This vulnerability is in libslirp source code. And qemu is exposed to it when configured with libslirp.
# Since Mariner does not have libslirp, it is not applicable.
Patch1: CVE-2020-7039.nopatch
Patch2: CVE-2020-1711.patch
Patch3: CVE-2020-7211.patch
Patch4: CVE-2019-20175.patch
Patch5: CVE-2020-13659.patch
Patch6: CVE-2020-16092.patch
Patch7: CVE-2020-15863.patch
Vendor: Microsoft Corporation
Distribution: Mariner
Patch1: CVE-2020-7039.nopatch
Patch2: CVE-2020-1711.patch
Patch3: CVE-2020-7211.patch
Patch4: CVE-2019-20175.patch
Patch5: CVE-2020-13659.patch
Patch6: CVE-2020-16092.patch
Patch7: CVE-2020-15863.patch
# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated.
Patch8: CVE-2016-7161.nopatch

BuildRequires: python3-devel
BuildRequires: glib-devel
Expand Down Expand Up @@ -114,6 +116,8 @@ chmod 755 %{buildroot}%{_bindir}/qemu
%{_bindir}/qemu-nbd

%changelog
* Mon Sep 28 2020 Daniel McIlvaney <damcilva@microsoft.com> 4.2.0-12
- Nopatch CVE-2016-7161, it was fixed in 2.7
* Mon Sep 14 2020 Nicolas Guibourge <nicolasg@microsoft.com> 4.2.0-11
- Add patch for CVE-2020-15863
* Wed Sep 02 2020 Nicolas Ontiveros <niontive@microsoft.com> 4.2.0-10
Expand Down