Re: [Qemu-devel] [libvirt] [PATCH 2/3] adlib: mark as insecure and depre

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [libvirt] [PATCH 2/3] adlib: mark as insecure and depre

From:	Daniel P . Berrangé
Subject:	Re: [Qemu-devel] [libvirt] [PATCH 2/3] adlib: mark as insecure and deprecated.
Date:	Fri, 26 Oct 2018 10:54:33 +0100
User-agent:	Mutt/1.10.1 (2018-07-13)

On Fri, Oct 26, 2018 at 12:38:53PM +0530, P J P wrote:
> +-- On Thu, 25 Oct 2018, Daniel P. Berrangé wrote --+
> | On Thu, Oct 25, 2018 at 04:26:16PM +0530, P J P wrote:
> | > +-- On Thu, 25 Oct 2018, Gerd Hoffmann wrote --+
> | > | We have a lovely, guest-triggerable buffer overflow in opl2 emulation.
> | > | 
> | > | Reproducer:
> | > |     outw(0xff60, 0x220);
> | > |     outw(0x1020, 0x220);
> | > |     outw(0xffb0, 0x220);
> | > | Result:
> | > |     Will overflow FM_OPL->AR_TABLE[] (see hw/audio/fmopl.[ch])
> | > 
> | > + Reported-by: Wangjunqing <address@hidden>
> | 
> | So you have a CVE number for this ?
> 
> No, since the adlib device is not used as much and is being deprecated, I'm 
> not inclined to get one.

Any security issue that affects code in QEMU that is currently being
shipped by distros should have a CVE.

Whether we intend to deprecate & delete it later should not be a factor
because we are free to cancel the deprecation process at any time if we
find a reason to keep the feature around.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH 3/3] cirrus: mark as deprecated, (continued)
- [Qemu-devel] [PATCH 2/3] adlib: mark as insecure and deprecated., Gerd Hoffmann, 2018/10/25
  - Re: [Qemu-devel] [PATCH 2/3] adlib: mark as insecure and deprecated., P J P, 2018/10/25
    - Re: [Qemu-devel] [libvirt] [PATCH 2/3] adlib: mark as insecure and deprecated., Daniel P . Berrangé, 2018/10/25
    - Re: [Qemu-devel] [libvirt] [PATCH 2/3] adlib: mark as insecure and deprecated., P J P, 2018/10/26
    - Re: [Qemu-devel] [libvirt] [PATCH 2/3] adlib: mark as insecure and deprecated., Daniel P . Berrangé <=
    - Re: [Qemu-devel] [libvirt] [PATCH 2/3] adlib: mark as insecure and deprecated., P J P, 2018/10/26
  - Re: [Qemu-devel] [PATCH 2/3] adlib: mark as insecure and deprecated., Philippe Mathieu-Daudé, 2018/10/25
  - Re: [Qemu-devel] [PATCH 2/3] adlib: mark as insecure and deprecated., Thomas Huth, 2018/10/25
  - Re: [Qemu-devel] [PATCH 2/3] adlib: mark as insecure and deprecated., Paolo Bonzini, 2018/10/26
    - Re: [Qemu-devel] [PATCH 2/3] adlib: mark as insecure and deprecated., P J P, 2018/10/26
    - Re: [Qemu-devel] [PATCH 2/3] adlib: mark as insecure and deprecated., Paolo Bonzini, 2018/10/26
    - Re: [Qemu-devel] [PATCH 2/3] adlib: mark as insecure and deprecated., P J P, 2018/10/26
    - Re: [Qemu-devel] [PATCH 2/3] adlib: mark as insecure and deprecated., Gerd Hoffmann, 2018/10/29
- [Qemu-devel] [PATCH 1/3] qdev: add deprecation_reason to DeviceClass, Gerd Hoffmann, 2018/10/25
  - Re: [Qemu-devel] [PATCH 1/3] qdev: add deprecation_reason to DeviceClass, P J P, 2018/10/25

Prev by Date: Re: [Qemu-devel] [PATCH v7 19/20] target/mips: Move MXU_EN check one level higher
Next by Date: Re: [Qemu-devel] [PATCH v7 20/20] target/mips: Amend MXU ASE overview note
Previous by thread: Re: [Qemu-devel] [libvirt] [PATCH 2/3] adlib: mark as insecure and deprecated.
Next by thread: Re: [Qemu-devel] [libvirt] [PATCH 2/3] adlib: mark as insecure and deprecated.
Index(es):
- Date
- Thread