xenbits.xensource.com Git - qemu-upstream-4.3-testing.git/commit
block/curl: disable extra protocols to prevent CVE-2013-0249
author Stefan Hajnoczi <stefanha@redhat.com>
Fri, 8 Feb 2013 07:49:10 +0000 (08:49 +0100)
committer Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Wed, 4 Mar 2015 15:59:44 +0000 (15:59 +0000)
commit 1a8d18e3acfd356c5285e4856d94c33b2d707a79
tree 68800d2783712194538c1f9cc077691674b28b02
parent 580b1d06aa3eed3ae9c12b4225a1ea1c192ab119

There is a buffer overflow in libcurl POP3/SMTP/IMAP.  The workaround is
simple: disable extra protocols so that they cannot be exploited.  Full
details here:

  http://curl.haxx.se/docs/adv_20130206.html

QEMU only cares about HTTP, HTTPS, FTP, FTPS, and TFTP.  I have tested
that this fix prevents the exploit on my host with
libcurl-7.27.0-5.fc18.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
block/curl.c