]> Git Repo - qemu.git/commit
projects / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0eb256a) | patch
block/curl: disable extra protocols to prevent CVE-2013-0249
authorStefan Hajnoczi <[email protected]>
Fri, 8 Feb 2013 07:49:10 +0000 (08:49 +0100)
committerAnthony Liguori <[email protected]>
Fri, 8 Feb 2013 17:14:20 +0000 (11:14 -0600)
commitfb6d1bbd246c7a57ef53d3847ef225cd1349d602
tree81248ebd26fd657f0c90dcd8140253f5829c0e4ctree | snapshot
parent0eb256a2173d35c64696189adcd3599be61922efcommit | diff
block/curl: disable extra protocols to prevent CVE-2013-0249

There is a buffer overflow in libcurl POP3/SMTP/IMAP.  The workaround is
simple: disable extra protocols so that they cannot be exploited.  Full
details here:

  http://curl.haxx.se/docs/adv_20130206.html

QEMU only cares about HTTP, HTTPS, FTP, FTPS, and TFTP.  I have tested
that this fix prevents the exploit on my host with
libcurl-7.27.0-5.fc18.

Signed-off-by: Stefan Hajnoczi <[email protected]>
Signed-off-by: Anthony Liguori <[email protected]>
block/curl.c diff | blob | blame | history
Empty description
This page took 0.024174 seconds and 4 git commands to generate.