[OE-core] [PATCH] qemu: fix CVE-2020-7039

Randy MacLeod randy.macleod at windriver.com
Thu Mar 12 20:53:31 UTC 2020


On 2020-02-27 12:25 a.m., changqing.li at windriver.com wrote:
> From: Changqing Li <changqing.li at windriver.com>
> 
> Signed-off-by: Changqing Li <changqing.li at windriver.com>
> ---
>   meta/recipes-devtools/qemu/qemu.inc                |  3 +
>   .../qemu/qemu/CVE-2020-7039-1.patch                | 44 +++++++++++++++
>   .../qemu/qemu/CVE-2020-7039-2.patch                | 59 ++++++++++++++++++++
>   .../qemu/qemu/CVE-2020-7039-3.patch                | 64 ++++++++++++++++++++++
>   4 files changed, 170 insertions(+)
>   create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-7039-1.patch
>   create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-7039-2.patch
>   create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-7039-3.patch
> 

LGTM, I don't see it in master or master-next.

NVD gives this defect a 'critical' score so it would be good to get
it tested and merged.
https://nvd.nist.gov/vuln/detail/CVE-2020-7039

-- 
# Randy MacLeod
# Wind River Linux


More information about the Openembedded-core mailing list