From 057e5dcf533fdfeacecd46fb1122ca8984ac4218 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Tue, 29 Sep 2020 16:06:26 -0700 Subject: [PATCH] Nopatch qemu CVE-2015-7504 CVE-2017-5931 CVE-2017-14167 --- SPECS/qemu-kvm/CVE-2015-7504.nopatch | 1 + SPECS/qemu-kvm/CVE-2016-7161.nopatch | 2 +- SPECS/qemu-kvm/CVE-2017-14167.nopatch | 1 + SPECS/qemu-kvm/CVE-2017-5931.nopatch | 1 + SPECS/qemu-kvm/qemu-kvm.spec | 14 ++++++++++++-- 5 files changed, 16 insertions(+), 3 deletions(-) create mode 100644 SPECS/qemu-kvm/CVE-2015-7504.nopatch create mode 100644 SPECS/qemu-kvm/CVE-2017-14167.nopatch create mode 100644 SPECS/qemu-kvm/CVE-2017-5931.nopatch diff --git a/SPECS/qemu-kvm/CVE-2015-7504.nopatch b/SPECS/qemu-kvm/CVE-2015-7504.nopatch new file mode 100644 index 00000000000..a4242bf6b56 --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2015-7504.nopatch @@ -0,0 +1 @@ +# CVE-2015-7504 was fixed in 2.5.0, but the CVE database was not updated. (837f21aacf5a714c23ddaadbbc5212f9b661e3f7) \ No newline at end of file diff --git a/SPECS/qemu-kvm/CVE-2016-7161.nopatch b/SPECS/qemu-kvm/CVE-2016-7161.nopatch index 4070f5dc867..b9e0ecbbc28 100644 --- a/SPECS/qemu-kvm/CVE-2016-7161.nopatch +++ b/SPECS/qemu-kvm/CVE-2016-7161.nopatch @@ -1 +1 @@ -# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated. \ No newline at end of file +# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated. (a0d1cbdacff5df4ded16b753b38fdd9da6092968) \ No newline at end of file diff --git a/SPECS/qemu-kvm/CVE-2017-14167.nopatch b/SPECS/qemu-kvm/CVE-2017-14167.nopatch new file mode 100644 index 00000000000..68d9f5ae58f --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2017-14167.nopatch @@ -0,0 +1 @@ +# CVE-2017-14167 was fixed in 2.11.0, but the CVE database was not updated. (ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb) \ No newline at end of file diff --git a/SPECS/qemu-kvm/CVE-2017-5931.nopatch b/SPECS/qemu-kvm/CVE-2017-5931.nopatch new file mode 100644 index 00000000000..f705f04ae37 --- /dev/null +++ b/SPECS/qemu-kvm/CVE-2017-5931.nopatch @@ -0,0 +1 @@ +# CVE-2017-5931 was fixed in 2.9.0, but the CVE database was not updated. (a08aaff811fb194950f79711d2afe5a892ae03a4) \ No newline at end of file diff --git a/SPECS/qemu-kvm/qemu-kvm.spec b/SPECS/qemu-kvm/qemu-kvm.spec index 24e1a464f45..6becd32182b 100644 --- a/SPECS/qemu-kvm/qemu-kvm.spec +++ b/SPECS/qemu-kvm/qemu-kvm.spec @@ -1,7 +1,7 @@ Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 4.2.0 -Release: 12%{?dist} +Release: 13%{?dist} License: GPLv2 and GPLv2+ and CC-BY and BSD Group: Development/Tools URL: https://www.qemu.org/ @@ -20,8 +20,14 @@ Patch4: CVE-2019-20175.patch Patch5: CVE-2020-13659.patch Patch6: CVE-2020-16092.patch Patch7: CVE-2020-15863.patch -# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated. +# CVE-2016-7161 was fixed in 2.7.0, but the CVE database was not updated. (a0d1cbdacff5df4ded16b753b38fdd9da6092968) Patch8: CVE-2016-7161.nopatch +# CVE-2015-7504 was fixed in 2.5.0, but the CVE database was not updated. (837f21aacf5a714c23ddaadbbc5212f9b661e3f7) +Patch9: CVE-2015-7504.nopatch +# CVE-2017-5931 was fixed in 2.9.0, but the CVE database was not updated. (a08aaff811fb194950f79711d2afe5a892ae03a4) +Patch10: CVE-2017-5931.nopatch +# CVE-2017-14167 was fixed in 2.11.0, but the CVE database was not updated. (ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb) +Patch11: CVE-2017-14167.nopatch BuildRequires: python3-devel BuildRequires: glib-devel @@ -116,6 +122,10 @@ chmod 755 %{buildroot}%{_bindir}/qemu %{_bindir}/qemu-nbd %changelog +* Tue Sep 29 2020 Daniel McIlvaney 4.2.0-13 +- Nopatch CVE-2015-7504, it was fixed in 2.5.0 +- Nopatch CVE-2017-5931, it was fixed in 2.9.0 +- Nopatch CVE-2017-14167, it was fixed in 2.11.0 * Mon Sep 28 2020 Daniel McIlvaney 4.2.0-12 - Nopatch CVE-2016-7161, it was fixed in 2.7 * Mon Sep 14 2020 Nicolas Guibourge 4.2.0-11