From 9d54930a0c37e2878bbbe221341ebbd2bdd78a22 Mon Sep 17 00:00:00 2001 From: Emily Vekariya Date: Wed, 9 Aug 2023 18:10:44 +0530 Subject: [PATCH] qemu: CVE-ID correction for CVE-2020-35505 - The commit [https://github.com/qemu/qemu/commit/995457517340] ("esp: ensure cmdfifo is not empty and current_dev is non-NULL") fixes CVE-2020-35505 instead of CVE-2020-35504. - Hence, corrected the CVE-ID in CVE-2020-35505.patch. - Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1909769 Signed-off-by: Emily Vekariya Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch index c5ff6e89ff0..40c0b1e74f8 100644 --- a/meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-35505.patch @@ -20,16 +20,19 @@ Reviewed-by: Philippe Mathieu-Daudé Tested-by: Alexander Bulekov Message-Id: <20210407195801.685-7-mark.cave-ayland@ilande.co.uk> -CVE: CVE-2020-35504 +CVE: CVE-2020-35505 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches/CVE-2020-35505.patch?h=ubuntu/focal-security Upstream commit https://github.com/qemu/qemu/commit/99545751734035b76bd372c4e7215bb337428d89 ] Signed-off-by: Chee Yang Lee +Signed-off-by: Emily Vekariya --- - hw/scsi/esp.c | 3 +++ - 1 file changed, 3 insertions(+) + hw/scsi/esp.c | 4 ++++ + 1 file changed, 4 insertions(+) +diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c +index c7d701bf..c2a67bc8 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c -@@ -193,6 +193,10 @@ static void do_busid_cmd(ESPState *s, ui +@@ -193,6 +193,10 @@ static void do_busid_cmd(ESPState *s, uint8_t *buf, uint8_t busid) trace_esp_do_busid_cmd(busid); lun = busid & 7; -- 2.47.3