block/curl: disable extra protocols to prevent CVE-2013-0249 - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Stefan Hajnoczi	2013-02-08 08:49:10 +0100
committer	Anthony Liguori	2013-02-08 18:14:20 +0100
commit	fb6d1bbd246c7a57ef53d3847ef225cd1349d602 (patch)
tree	81248ebd26fd657f0c90dcd8140253f5829c0e4c /pc-bios/openbios-sparc64
parent	qemu-nbd: document --cache and --aio options (diff)
download	qemu-fb6d1bbd246c7a57ef53d3847ef225cd1349d602.tar.gz qemu-fb6d1bbd246c7a57ef53d3847ef225cd1349d602.tar.xz qemu-fb6d1bbd246c7a57ef53d3847ef225cd1349d602.zip

block/curl: disable extra protocols to prevent CVE-2013-0249

There is a buffer overflow in libcurl POP3/SMTP/IMAP. The workaround is simple: disable extra protocols so that they cannot be exploited. Full details here: http://curl.haxx.se/docs/adv_20130206.html QEMU only cares about HTTP, HTTPS, FTP, FTPS, and TFTP. I have tested that this fix prevents the exploit on my host with libcurl-7.27.0-5.fc18. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Diffstat (limited to 'pc-bios/openbios-sparc64')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: