Bug 203112 - emulators/qemu-devel: Multiple security vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Muhammad Moinur Rahman
Keywords: needs-patch, security
Reported: 2015-09-15 00:44 UTC by Sevan Janiyan
Modified: 2016-01-01 17:57 UTC
bofh: maintainer-feedback+


Comment 1 Jason Unovitch freebsd_committer freebsd_triage 2015-09-18 00:56:06 UTC
CVE-2015-5165 and CVE-2015-5154
http://www.vuxml.org/freebsd/f06f20dc-4347-11e5-93ad-002590263bf5.html
http://www.vuxml.org/freebsd/da451130-365d-11e5-a4a5-002590263bf5.html

emulators/qemu is still impacted and we are still discussing the way ahead in 202402. The other ports have been fixed.

CVE-2015-5225:
In progress, https://reviews.freebsd.org/D3691

CVE-2015-5745:
Looking into this one now.
Comment 2 Jason Unovitch freebsd_committer freebsd_triage 2015-09-18 01:04:28 UTC
(In reply to Jason Unovitch from comment #1)

CVE-2015-5745:
In emulators/qemu-devel 2.4.0 so this is mainly missing documentation along with discussion on emulators/qemu way ahead.

https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295
Comment 3 Sean Bruno freebsd_committer freebsd_triage 2015-12-21 16:05:33 UTC
Assign to maintainer. emulators/qemu now tracks the stable release. I'm unsure what we're going to do with the -devel port.
Comment 4 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2016-01-01 16:59:41 UTC
Poudriere building.
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-01-01 17:54:14 UTC
A commit references this bug:

Author: bofh
Date: Fri Jan  1 17:54:10 UTC 2016
New revision: 405027
URL: https://svnweb.freebsd.org/changeset/ports/405027

Log:
  emulators/qemu-devel: Update version 2.4.0=>2.5.0

  - Remove nox@ from MASTER_SITES (R.I.P. nox)
  - Take MAINTAINERSHIP
  - Add LICENSE (GPLv2)
  - Convert to OPTIONSNG
  - Fix patch files to be 'make makepatch' compatible
  - Fix Multiple Security Vulnerabilities [1]

  PR:		203112 [1]
  Submitted by:	venture37@geeklan.co.uk [1]
  Security:	CVE-2015-5165 [1]
  		CVE-2015-5745 [1]
  		CVE-2015-5154 [1]
  		CVE-2015-5225 [1]
  Differential Revision:	https://reviews.freebsd.org/D3691

Changes:
  head/emulators/qemu-devel/Makefile
  head/emulators/qemu-devel/distinfo
  head/emulators/qemu-devel/files/cdrom-dma-patch
  head/emulators/qemu-devel/files/hw_e1000_c.patch
  head/emulators/qemu-devel/files/patch-Makefile
  head/emulators/qemu-devel/files/patch-configure
  head/emulators/qemu-devel/files/patch-disas-libvixl-a64-disasm-a64.cc
  head/emulators/qemu-devel/files/patch-disas_libvixl_a64_disasm-a64.cc
  head/emulators/qemu-devel/files/patch-include-qemu-common.h
  head/emulators/qemu-devel/files/patch-include_net_net.h
  head/emulators/qemu-devel/files/patch-include_qemu-common.h
  head/emulators/qemu-devel/files/patch-net-tap-bsd.c
  head/emulators/qemu-devel/files/patch-net_tap-bsd.c
  head/emulators/qemu-devel/files/patch-qemu-char.c
  head/emulators/qemu-devel/files/patch-qemu-doc.texi
  head/emulators/qemu-devel/files/patch-qemu-include-net-net.h
  head/emulators/qemu-devel/files/patch-qemu-slirp-slirp_config.h
  head/emulators/qemu-devel/files/patch-slirp_slirp__config.h
  head/emulators/qemu-devel/files/patch-ui_x__keymap.c
  head/emulators/qemu-devel/files/patch-vl.c-serial
  head/emulators/qemu-devel/files/patch-x_keymap.c
  head/emulators/qemu-devel/files/pcap-patch
  head/emulators/qemu-devel/pkg-plist