Hi, I've had a look at the latest security issues for qemu, and it's quite unclear to me that qemu is affected by CVE-2016-7466 in wheezy. The affected source code seems to be absent, and the issue looks hard to reproduce. Concerning CVE-2016-7170, an upstream approved patch has been released, and it may apply with some adaptations on the wheezy version. Should I prepare a qemu update only for this little patch? Otherwise, I'd like to mark it as non-dsa. Regards, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
Attachment:
signature.asc
Description: PGP signature