From: Emily Vekariya Date: Wed, 9 Aug 2023 12:40:44 +0000 (+0530) Subject: qemu: CVE-ID correction for CVE-2020-35505 X-Git-Tag: yocto-3.1.28~47 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9d54930a0c37e2878bbbe221341ebbd2bdd78a22;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git qemu: CVE-ID correction for CVE-2020-35505 - The commit [https://github.com/qemu/qemu/commit/995457517340] ("esp: ensure cmdfifo is not empty and current_dev is non-NULL") fixes CVE-2020-35505 instead of CVE-2020-35504. - Hence, corrected the CVE-ID in CVE-2020-35505.patch. - Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1909769 Signed-off-by: Emily Vekariya Signed-off-by: Steve Sakoman --- diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch index c5ff6e89ff0..40c0b1e74f8 100644 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch @@ -20,16 +20,19 @@ Reviewed-by: Philippe Mathieu-Daudé Tested-by: Alexander Bulekov Message-Id: <20210407195801.685-7-mark.cave-ayland@ilande.co.uk> -CVE: CVE-2020-35504 +CVE: CVE-2020-35505 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches/CVE-2020-35505.patch?h=ubuntu/focal-security Upstream commit https://github.com/qemu/qemu/commit/99545751734035b76bd372c4e7215bb337428d89 ] Signed-off-by: Chee Yang Lee +Signed-off-by: Emily Vekariya --- - hw/scsi/esp.c | 3 +++ - 1 file changed, 3 insertions(+) + hw/scsi/esp.c | 4 ++++ + 1 file changed, 4 insertions(+) +diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c +index c7d701bf..c2a67bc8 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c -@@ -193,6 +193,10 @@ static void do_busid_cmd(ESPState *s, ui +@@ -193,6 +193,10 @@ static void do_busid_cmd(ESPState *s, uint8_t *buf, uint8_t busid) trace_esp_do_busid_cmd(busid); lun = busid & 7;