[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#742386: wheezy-pu: package qemu/1.1.2+dfsg-6a+deb7u1



On 2014-04-18 12:54, Michael Tokarev wrote:
18.04.2014 15:40, Adam D. Barratt wrote:
Not wishing to chase, just a gentle reminder that the window for getting updates in to 7.5 closes over the weekend. (Although getting in to 7.6 instead is presumably not a huge problem.)

I've another security bugfix for qemu+qemu-kvm, CVE-2014-2894,
assigned today, see
https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
The fix is also one-liner.

Maybe we can combine the two - this #742386 and CVE-2014-2894 - into single pu?

Looking at the source for the 2.0.0 packages uploaded to unstable yesterday, it looks like they contain the CVE fix? If so then the security-tracker needs updating, as https://security-tracker.debian.org/tracker/CVE-2014-2894 lists unstable as vulnerable. If the security team don't plan to issue a DSA for the issue (which I don't know if they've decided yet) then the patch looks sane enough to include in the p-u.

Regards,

Adam


Reply to: