1 files changed, 42 insertions, 0 deletions
diff --git a/recipes-devtools/qemu/qemu/CVE-2017-8309.patch b/recipes-devtools/qemu/qemu/CVE-2017-8309.patch
new file mode 100644
index 0000000..812e64b
--- /dev/null
+++ b/recipes-devtools/qemu/qemu/CVE-2017-8309.patch
@@ -0,0 +1,42 @@
+From 3268a845f41253fb55852a8429c32b50f36f349a Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Fri, 28 Apr 2017 09:56:12 +0200
+Subject: [PATCH] audio: release capture buffers
+AUD_add_capture() allocates two buffers which are never released.
+Add the missing calls to AUD_del_capture().
+Impact: Allows vnc clients to exhaust host memory by repeatedly
+starting and stopping audio capture.
+Fixes: CVE-2017-8309
+CVE-2017-8309
+Upstream-Status: Backport [backport from master, v2.10.0-rc0~214^2~27]
+Cc: P J P <ppandit@redhat.com>
+Cc: Huawei PSIRT <PSIRT@huawei.com>
+Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20170428075612.9997-1-kraxel@redhat.com
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ audio/audio.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/audio/audio.c b/audio/audio.c
+index c8898d8..beafed2 100644
+--- a/audio/audio.c
+++ b/audio/audio.c
+@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
+                     sw = sw1;
+                 }
+                 QLIST_REMOVE (cap, entries);
+                g_free (cap->hw.mix_buf);
+                g_free (cap->buf);
+                 g_free (cap);
+             }
+             return;
+--
+1.9.1

diff --git a/recipes-devtools/qemu/qemu/CVE-2017-8309.patch b/recipes-devtools/qemu/qemu/CVE-2017-8309.patch new file mode 100644 index 0000000..812e64b --- /dev/null +++ b/recipes-devtools/qemu/qemu/CVE-2017-8309.patch
@@ -0,0 +1,42 @@
	1	From 3268a845f41253fb55852a8429c32b50f36f349a Mon Sep 17 00:00:00 2001
	2	From: Gerd Hoffmann <kraxel@redhat.com>
	3	Date: Fri, 28 Apr 2017 09:56:12 +0200
	4	Subject: [PATCH] audio: release capture buffers
	5
	6	AUD_add_capture() allocates two buffers which are never released.
	7	Add the missing calls to AUD_del_capture().
	8
	9	Impact: Allows vnc clients to exhaust host memory by repeatedly
	10	starting and stopping audio capture.
	11
	12	Fixes: CVE-2017-8309
	13
	14	CVE-2017-8309
	15	Upstream-Status: Backport [backport from master, v2.10.0-rc0~214^2~27]
	16
	17	Cc: P J P <ppandit@redhat.com>
	18	Cc: Huawei PSIRT <PSIRT@huawei.com>
	19	Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com>
	20	Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
	21	Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
	22	Message-id: 20170428075612.9997-1-kraxel@redhat.com
	23	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	24	---
	25	audio/audio.c \| 2 ++
	26	1 file changed, 2 insertions(+)
	27
	28	diff --git a/audio/audio.c b/audio/audio.c
	29	index c8898d8..beafed2 100644
	30	--- a/audio/audio.c
	31	+++ b/audio/audio.c
	32	@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut cap, void cb_opaque)
	33	sw = sw1;
	34	}
	35	QLIST_REMOVE (cap, entries);
	36	+ g_free (cap->hw.mix_buf);
	37	+ g_free (cap->buf);
	38	g_free (cap);
	39	}
	40	return;
	41	--
	42	1.9.1