Re: qemu: CVE-2016-7116
On Fri, Sep 02, 2016 at 12:12:17PM +0200, Hugo Lefeuvre wrote:
> I've had a quick look at CVE-2016-7116 and would be interested by working on
> it. Upstream provided a patch, which looks 'relatively' simple and seems to
> apply well with some adaptations. However, the names of the concerned files have
> changed (e.g. virtio-9p.c -> 9p.c). I think this isn't very important since
> the sourcecode hasn't changed too much, but, just to make sure, could anybody
> have a second look at it (and, before I send a message to the maintainers,
> confirm me that we should support qemu in wheezy LTS) ?
Yes, qemu is supported (and there has was lots of file renaming after
the Wheezy version). If you handle qemu please look at qemu-kvm as well
(they're the same version).
> Thanks !
>  https://security-tracker.debian.org/tracker/CVE-2016-7116
>  http://git.qemu.org/?p=qemu.git;a=commit;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261
>  http://sources.debian.net/src/qemu/1:2.1%2Bdfsg-12%2Bdeb8u5a~bpo70%2B1/hw/9pfs/
> Hugo Lefeuvre (hle) | www.owl.eu.com
> 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E