[PULL,v2,0/2] vnc: fix websocket security issues (cve-2015-1779).

Message ID 1427901405-25602-1-git-send-email-kraxel@redhat.com
State New

Pull-request

git://git.kraxel.org/qemu tags/pull-cve-2015-1779-20150401-2

Message

Gerd Hoffmann April 1, 2015, 3:16 p.m. UTC
Hi,

$subject says all, here are the cve-2015-1779 fixes for vnc websockets
from Daniel P. Berrange for 2.3-rc2.

v2 fixes the 32bit build failure.

please pull,
  Gerd

The following changes since commit b8a86c4ac4d04c106ba38fbd707041cba334a155:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2015-04-01 11:31:31 +0100)

are available in the git repository at:


  git://git.kraxel.org/qemu tags/pull-cve-2015-1779-20150401-2

for you to fetch changes up to 2cdb5e142fb93e875fa53c52864ef5eb8d5d8b41:

  CVE-2015-1779: limit size of HTTP headers from websockets clients (2015-04-01 17:12:55 +0200)

----------------------------------------------------------------
vnc: fix websocket security issues (cve-2015-1779).

----------------------------------------------------------------
Daniel P. Berrange (2):
      CVE-2015-1779: incrementally decode websocket frames
      CVE-2015-1779: limit size of HTTP headers from websockets clients

 ui/vnc-ws.c | 115 +++++++++++++++++++++++++++++++++++++++++-------------------
 ui/vnc-ws.h |   9 +++--
 ui/vnc.h    |   2 ++
 3 files changed, 88 insertions(+), 38 deletions(-)

Comments

Peter Maydell April 1, 2015, 5:09 p.m. UTC | #1
On 1 April 2015 at 16:16, Gerd Hoffmann <kraxel@redhat.com> wrote:
>   Hi,
>
> $subject says all, here are the cve-2015-1779 fixes for vnc websockets
> from Daniel P. Berrange for 2.3-rc2.
>
> v2 fixes the 32bit build failure.
>
> please pull,
>   Gerd
>
> The following changes since commit b8a86c4ac4d04c106ba38fbd707041cba334a155:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging (2015-04-01 11:31:31 +0100)
>
> are available in the git repository at:
>
>
>   git://git.kraxel.org/qemu tags/pull-cve-2015-1779-20150401-2
>
> for you to fetch changes up to 2cdb5e142fb93e875fa53c52864ef5eb8d5d8b41:
>
>   CVE-2015-1779: limit size of HTTP headers from websockets clients (2015-04-01 17:12:55 +0200)
>
> ----------------------------------------------------------------
> vnc: fix websocket security issues (cve-2015-1779).
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM