Bug#859599: unblock: qemu/1:2.8+dfsg-4

To: Niels Thykier <niels@thykier.net>, 859599@bugs.debian.org
Subject: Bug#859599: unblock: qemu/1:2.8+dfsg-4
From: Michael Tokarev <mjt@tls.msk.ru>
Date: Wed, 19 Apr 2017 18:41:17 +0300
Message-id: <[🔎] 793e44da-e0e8-d971-bcda-6c121fcdc0b9@msgid.tls.msk.ru>
Reply-to: Michael Tokarev <mjt@tls.msk.ru>, 859599@bugs.debian.org
In-reply-to: <dbbf4774-a7d7-5029-3807-123e2153ebd6@tls.msk.ru>
References: <[🔎] 20170405063519.6117.10204.reportbug@localhost> <[🔎] b208e89f-52dc-7cd0-cfdd-25d76e6473c5@thykier.net> <dbbf4774-a7d7-5029-3807-123e2153ebd6@tls.msk.ru>

19.04.2017 14:31, Michael Tokarev пишет:
> Control: tag -1 - moreinfo
> 
> 18.04.2017 11:06, Niels Thykier wrote:
> 
>>> unblock qemu/1:2.8+dfsg-4
> 
>> Hi Michael,
>>
>> Please go ahead with this change set and let us know once it has been
>> built on all relevant release architectures in unstable.
> 
> Thank you very much!  It wasn't an easy job on your part.
> 
> It's uploaded and built on all release architectures now.

One more thing I forgot to mention.  Besides the already discussed
debdiff there's ONE MORE change I added to the uploaded version,
very small, I forgot to mention debian bug# for CVE-2017-7377 fix.
Here's the diff between the unblock request and the actual upload
(the change is in the changelog, mentioning closing of #859854,
and modified patch headers to include the same info):

diff -u -r qemu-2.8+dfsg-4_/debian/changelog qemu-2.8+dfsg-4/debian/changelog
--- qemu-2.8+dfsg-4_/debian/changelog	2017-04-19 18:35:46.086278674 +0300
+++ qemu-2.8+dfsg-4/debian/changelog	2017-04-03 16:28:49.000000000 +0300
@@ -21,7 +21,7 @@
      vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch
   * bump seabios dependency to 1.10.2 due to ahci fix in 2.8.1
   * 9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch
-    Closes: CVE-2017-7377
+    (Closes: #859854, CVE-2017-7377)
   * dma-rc4030-limit-interval-timer-reload-value-CVE-2016-8667.patch
     Closes: #840950, CVE-2016-8667
   * make d/control un-writable to stop users from changing a generated file
diff -u -r qemu-2.8+dfsg-4_/debian/patches/9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch
qemu-2.8+dfsg-4/debian/patches/9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch
--- qemu-2.8+dfsg-4_/debian/patches/9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch	2017-04-19 18:35:46.086278674 +0300
+++ qemu-2.8+dfsg-4/debian/patches/9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch	2017-04-03 16:28:49.000000000 +0300
@@ -1,8 +1,8 @@
 From: Li Qiang <liq3ea@gmail.com>
 Date: Mon, 27 Mar 2017 21:13:19 +0200
-Subject: 9pfs: fix file descriptor leak
+Subject: 9pfs: fix file descriptor leak (CVE-2017-7377)
 Commit-Id: d63fb193e71644a073b77ff5ac6f1216f2f6cf6e
-Bug-Debian: http://security-tracker.debian.org/tracker/CVE-2017-7377
+Bug-Debian: http://bugs.debian.org/859854

 The v9fs_create() and v9fs_lcreate() functions are used to create a file
 on the backend and to associate it to a fid. The fid shouldn't be already

Reply to:

References:
- Bug#859599: unblock: qemu/1:2.8+dfsg-4
  - From: Michael Tokarev <mjt@tls.msk.ru>
- Bug#859599: unblock: qemu/1:2.8+dfsg-4
  - From: Niels Thykier <niels@thykier.net>

Prev by Date: Bug#860712: marked as done (unblock: gnumed-client/1.6.11+dfsg-2)
Next by Date: Bug#860448: marked as done (unblock: (pre-approval) openldap/2.4.44+dfsg-4)
Previous by thread: Bug#859599: unblock: qemu/1:2.8+dfsg-4
Next by thread: Processed: Re: Bug#859599: unblock: qemu/1:2.8+dfsg-4
Index(es):
- Date
- Thread