Re: squeeze update of qemu?
Hi,
On Mon, Jun 15, 2015 at 04:53:00PM +0200, Michael Banck wrote:
> Hello,
>
> The VENOM vulnerability is unfixed in squeeze (except for
> squeeze-backports):
>
> https://security-tracker.debian.org/tracker/CVE-2015-3456
>
> Even though qemu is not supported in squeeze-lts, I propose to fix this
> particular vulnerability due to its severity, but make clear in the DLA
> that qemu is not supported in general (as suggest by Raphael Hertzog).
>
> I have attached a debdiff with the backported patch for fdc.c from [1]
> and I'd appreciate review comments.
The patch looks sane to me - did you it? Althouh we don't support QEMU
in LTS a security bug fixed is a security bug fixed so I'd say go ahead
with the upload/dls if nobody else objects. If I can help with anything
or should handle the DLA let me know.
Cheers,
-- Guido
Reply to: