From 7769c23774d1278f60b9e40d2c0b98784de6425f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Tue, 21 Apr 2020 19:02:27 +0200 Subject: slirp: update to fix CVE-2020-1983 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is an update on the stable-4.2 branch of libslirp.git: git shortlog 55ab21c9a3..2faae0f778f81 Marc-André Lureau (1): Fix use-afte-free in ip_reass() (CVE-2020-1983) CVE-2020-1983 is actually a follow up fix for commit 126c04acbabd7ad32c2b018fe10dfac2a3bc1210 ("Fix heap overflow in ip_reass on big packet input") which was was included in qemu v4.1 (commit e1a4a24d262ba5ac74ea1795adb3ab1cd574c7fb "slirp: update with CVE-2019-14378 fix"). Signed-off-by: Marc-André Lureau Message-id: 20200421170227.843555-1-marcandre.lureau@redhat.com Signed-off-by: Peter Maydell --- slirp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'slirp') diff --git a/slirp b/slirp index 55ab21c..2faae0f 160000 --- a/slirp +++ b/slirp @@ -1 +1 @@ -Subproject commit 55ab21c9a36852915b81f1b41ebaf3b6509dd8ba +Subproject commit 2faae0f778f818fadc873308f983289df697eb93 -- cgit v1.1