Still waiting on Red Hat's security team to decide if these get CVE
designations, but at this point, we consider the impact to be low
enough severity (easy to avoid if your server rejects malicious
clients by the use of TLS) and related enough that there is no longer
any need to embargo the second one.
I'll wait a bit longer to apply, to provide time to update the subject
lines according to whether we get CVEs assigned.
Eric Blake (2):
  server: Fix off-by-one for maximum block_status length [CVE-XXX]
  blocksize: Fix 32-bit overflow in .extents [CVE-XXXX]

 tests/Makefile.am                        |  4 ++
 server/protocol.c                        |  2 +-
 filters/blocksize/blocksize.c            |  5 +-
 tests/test-blocksize-extents-overflow.sh | 83 ++++++++++++++++++++++++
 tests/test-eval-extents.sh               | 71 ++++++++++++++++++++
 5 files changed, 162 insertions(+), 3 deletions(-)
 create mode 100755 tests/test-blocksize-extents-overflow.sh
 create mode 100755 tests/test-eval-extents.sh
--
2.49.0