[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of icu?

On Thu, Sep 08, 2016 at 06:45:28AM -0400, Roberto C. Sánchez wrote:
> On Thu, Sep 08, 2016 at 07:29:55AM +0200, Guido Günther wrote:
> > 
> > If you find useful information on e.g. howto reproduce the bug or about
> > the proper upstream fix use
> > 
> >    NOTE:
> > 
> > See e.g. this entry from the top of the current data/CVE/list:
> > 
> > 
> > CVE-2016-7155 [scsi: pvscsi: OOB read and infinite loop while setting descriptor rings]
> >         - qemu <unfixed>
> >         - qemu-kvm <removed>
> >         NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html
> >         NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373462
> >         NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/2
> > 
> 
> Thanks for the explanation.  It looks like someone already annotated
> icu, so I will keep this in mind for next time.

Thanks.

And please add that to the checklist/onboarding process of new people working on Freexian/LTS.

Cheers,
        Moritz
Reply to: