[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: squeeze update of qemu?

On Mon, Jun 15, 2015 at 04:53:00PM +0200, Michael Banck wrote:
> Hello,
> The VENOM vulnerability is unfixed in squeeze (except for
> squeeze-backports):
> https://security-tracker.debian.org/tracker/CVE-2015-3456
> Even though qemu is not supported in squeeze-lts, I propose to fix this
> particular vulnerability due to its severity, but make clear in the DLA
> that qemu is not supported in general (as suggest by Raphael Hertzog).
> I have attached a debdiff with the backported patch for fdc.c from [1]
> and I'd appreciate review comments.

The patch looks sane to me - did you it? Althouh we don't support QEMU
in LTS a security bug fixed is a security bug fixed so I'd say go ahead
with the upload/dls if nobody else objects. If I can help with anything
or should handle the DLA let me know.

 -- Guido

Reply to: