Bug#1076504: bookworm-pu: package qemu/1:7.2+dfsg-7+deb12u7
Hi,
On Sat, Aug 17, 2024 at 05:34:45PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Wed, 2024-07-17 at 15:15 +0300, Michael Tokarev wrote:
> > [ Reason ]
> > There were 2 qemu stable/bugfix releases (7.2.12 and 7.2.13) since
> > the previous debian release, fixing a number of various issues.
> > It would be nice to have these fixes in debian too, so debian users
> > will benefit from the qemu stable series.
> >
> > Among others, this release fixes an important security issue:
> > CVE-2024-4467, #1075824.
> >
> > Unfortunately, this release does not include fix for CVE-2024-6505
> > (#1075919), since no information about this one is known at this
> > time.
> [...]
> > Maybe it's better to push this update through debian-security
> > instead of regular stable-proposed-updates. Cc'ing
> > team@security.d.o for this. Or maybe it's better to include
> > just the CVE-2024-4467 fix now in a security update, and revert
> > it for next s-p-u which includes whole upstream thing.
>
> It looks like nothing happened there?
Sorry for not replying.
Yes, please let it have fixed via the upcoming point release.
Regards,
Salvatore
Reply to: