[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of qemu?

06.06.2016 04:37, Ben Hutchings wrote:
> Hello dear maintainer(s),
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of qemu:
> https://security-tracker.debian.org/tracker/CVE-2016-3710
> https://security-tracker.debian.org/tracker/CVE-2016-3712
> https://security-tracker.debian.org/tracker/CVE-2016-5238
> Would you like to take care of this yourself?

I was thinking about doing so for quite some time, and
tried to find some time and energy for that.  There are
a big bunch of new (but less important) security probs
even in testing, and even more in jessie, all of which
needs fixing.

Note that qemu and qemu-kvm needs exactly the same attention
in wheezy, basically it is the same codebase, we were just a
bit too late to make it single package as we did for jessie.
So the same changes need to be made for both packages.

> If yes, please follow the workflow we have defined here:
> https://wiki.debian.org/LTS/Development
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org
> (via a debdiff, or with an URL pointing to the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.

Fixing just the mentioned 3 issues isn't a problem, it can be
done more or less quickly.  Fixing other things is more difficult.
So I'll keep the issue unclaimed for now.



Reply to: