Description of problem:
The recent fix to validate the frontend's frame buffer description
neglected to limit the frame buffer size correctly. This lets a
malicious frontend make the backend attempt to map an arbitrary amount
of guest memory, which could be useful for a denial of service attack
Proposed upstream patch:
This fix is a sophisticated solution (another catch) for CVE-2008-1943.
This is fixed in all the relevant streams, so closing this tracker as CURRENTRELEASE.