From 3afaf243ba669edd7b5dc38929c4e6fec267737d Mon Sep 17 00:00:00 2001 From: Vivek Kumbhar Date: Thu, 10 Aug 2023 18:46:46 +0530 Subject: qemu:fix CVE-2023-3354 VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service (From OE-Core rev: 447bab76f9ac465ad36540e3bfb9a2a3cdbfa6b6) Signed-off-by: Vivek Kumbhar Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + 1 file changed, 1 insertion(+) (limited to 'meta/recipes-devtools/qemu/qemu.inc') diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 352277573b..2871818cb1 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -138,6 +138,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-3409-5.patch \ file://hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \ file://CVE-2023-0330.patch \ + file://CVE-2023-3354.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" -- cgit v1.2.3-54-g00ecf