[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: qemu: CVE-2016-7116

On Fri, Sep 02, 2016 at 12:12:17PM +0200, Hugo Lefeuvre wrote:
> Hi,
> 
> I've had a quick look at CVE-2016-7116[0] and would be interested by working on
> it. Upstream provided a patch[1], which looks 'relatively' simple and seems to
> apply well with some adaptations. However, the names of the concerned files have
> changed[2] (e.g. virtio-9p.c -> 9p.c). I think this isn't very important since
> the sourcecode hasn't changed too much, but, just to make sure, could anybody
> have a second look at it (and, before I send a message to the maintainers,
> confirm me that we should support qemu in wheezy LTS) ?

Yes, qemu is supported (and there has was lots of file renaming after
the Wheezy version). If you handle qemu please look at qemu-kvm as well
(they're the same version).

Cheers,
 -- Guido

> 
> Thanks !
> 
> Cheers,
>  Hugo
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2016-7116
> [1] http://git.qemu.org/?p=qemu.git;a=commit;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261
> [2] http://sources.debian.net/src/qemu/1:2.1%2Bdfsg-12%2Bdeb8u5a~bpo70%2B1/hw/9pfs/
> 
> -- 
>              Hugo Lefeuvre (hle)    |    www.owl.eu.com
> 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
Reply to: