Re: Wheezy update of qemu?

To: Ben Hutchings <benh@debian.org>, Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: Wheezy update of qemu?
From: Michael Tokarev <mjt@tls.msk.ru>
Date: Mon, 13 Jun 2016 18:23:33 +0300
Message-id: <[🔎] 575ECFF5.1030901@msgid.tls.msk.ru>
In-reply-to: <[🔎] 1465177020.2847.257.camel@debian.org>
References: <[🔎] 1465177020.2847.257.camel@debian.org>

06.06.2016 04:37, Ben Hutchings wrote:
> Hello dear maintainer(s),
> 
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of qemu:
> https://security-tracker.debian.org/tracker/CVE-2016-3710
> https://security-tracker.debian.org/tracker/CVE-2016-3712
> https://security-tracker.debian.org/tracker/CVE-2016-5238

Why these 3?  I can see why you want to fix the 2 VGA vulns
(3710 & 3712 above), but 5238?  Note that while the bug might
look more or less serious, the device in question is not a
very commonly used one.  I don't know if it is used at all.
More, this prob is nearly impossibe to hit in practice.

And even more, this prob isn't fixed in sid yet, as of today
the fix hasn't landed in upstream git still.

VGA bugs are worth to fix for sure.

/mjt

Reply to:

Follow-Ups:
- Re: Wheezy update of qemu?
  - From: Ben Hutchings <benh@debian.org>

References:
- Wheezy update of qemu?
  - From: Ben Hutchings <benh@debian.org>

Prev by Date: Re: Wheezy update of qemu-kvm?
Next by Date: Re: Wheezy update of qemu?
Previous by thread: Re: Wheezy update of qemu?
Next by thread: Re: Wheezy update of qemu?
Index(es):
- Date
- Thread