[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of qemu?

06.06.2016 04:37, Ben Hutchings wrote:
> Hello dear maintainer(s),
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of qemu:
> https://security-tracker.debian.org/tracker/CVE-2016-3710
> https://security-tracker.debian.org/tracker/CVE-2016-3712
> https://security-tracker.debian.org/tracker/CVE-2016-5238

Why these 3?  I can see why you want to fix the 2 VGA vulns
(3710 & 3712 above), but 5238?  Note that while the bug might
look more or less serious, the device in question is not a
very commonly used one.  I don't know if it is used at all.
More, this prob is nearly impossibe to hit in practice.

And even more, this prob isn't fixed in sid yet, as of today
the fix hasn't landed in upstream git still.

VGA bugs are worth to fix for sure.


Reply to: