qemu: security bump to version 2.10.2
Fixes the following security issues:
CVE-2017-13672: QEMU (aka Quick Emulator), when built with the VGA display
emulator support, allows local guest OS privileged users to cause a denial
of service (out-of-bounds read and QEMU process crash) via vectors involving
display update.
CVE-2017-15118: Stack buffer overflow in NBD server triggered via long
export name
CVE-2017-15119: DoS via large option request
CVE-2017-15268: Qemu through 2.10.0 allows remote attackers to cause a
memory leak by triggering slow data-channel read operations, related to
io/channel-websock.c.
For more details, see the release announcement:
https://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg03618.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
projects / buildroot.git / commit