Re: squeeze update of qemu?

To: Michael Banck <michael.banck@credativ.de>
Cc: pkg-qemu-devel@lists.alioth.debian.org, debian-lts@lists.debian.org
Subject: Re: squeeze update of qemu?
From: Guido Günther <agx@sigxcpu.org>
Date: Wed, 17 Jun 2015 09:42:28 +0200
Message-id: <[🔎] 20150617074228.GA4906@bogon.m.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, Michael Banck <michael.banck@credativ.de>, pkg-qemu-devel@lists.alioth.debian.org, debian-lts@lists.debian.org
In-reply-to: <[🔎] 1434379980.25171.12.camel@hartree.muc.credativ.lan>
References: <[🔎] 1434379980.25171.12.camel@hartree.muc.credativ.lan>

Hi,
On Mon, Jun 15, 2015 at 04:53:00PM +0200, Michael Banck wrote:
> Hello,
> 
> The VENOM vulnerability is unfixed in squeeze (except for
> squeeze-backports):
> 
> https://security-tracker.debian.org/tracker/CVE-2015-3456
> 
> Even though qemu is not supported in squeeze-lts, I propose to fix this
> particular vulnerability due to its severity, but make clear in the DLA
> that qemu is not supported in general (as suggest by Raphael Hertzog).
> 
> I have attached a debdiff with the backported patch for fdc.c from [1]
> and I'd appreciate review comments.

The patch looks sane to me - did you it? Althouh we don't support QEMU
in LTS a security bug fixed is a security bug fixed so I'd say go ahead
with the upload/dls if nobody else objects. If I can help with anything
or should handle the DLA let me know.

Cheers,
 -- Guido

Reply to:

References:
- squeeze update of qemu?
  - From: Michael Banck <michael.banck@credativ.de>

Prev by Date: Re: Accepted linux-2.6 2.6.32-48squeeze12 (all source) into squeeze-lts
Next by Date: Re: Accepted linux-2.6 2.6.32-48squeeze12 (all source) into squeeze-lts
Previous by thread: squeeze update of qemu?
Next by thread: squeeze update of zendframework?
Index(es):
- Date
- Thread