
Bug#1123030: bookworm-pu: package qemu/1:7.2+dfsg-7+deb12u18



Hi Michael,

On Tue, Dec 16, 2025 at 09:26:23AM +0300, Michael Tokarev wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> X-Debbugs-Cc: qemu@packages.debian.org, pkg-qemu-devel@lists.alioth.debian.org
> Control: affects -1 + src:qemu
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> [ Reason ]
> There are 2 new upstream stable/bugfix releases in the
> 7.2.x LTS branch.  The number of fixes this time is
> relatively small, and many of them are to the testsuite,
> in an attempt to keep tests running.
> 
> Among other things, this fixes two security issues:
>  #1119917, CVE-2025-12464 (buffer overflow in e1000_receive_iov)
>  #1117153, CVE-2025-11234 (UAF in websocket handshake code)

Just a question for proper tracking, shouldn't we consider the
CVE-2025-12464 issue only being introduced with 8.1.0 according to
the commit
https://lore.kernel.org/qemu-devel/20251028160042.3321933-1-peter.maydell@linaro.org/T/#u
https://gitlab.com/qemu-project/qemu/-/commit/a01344d9d78089e9e585faaeb19afccff2050abf
?

Regards,
Salvatore

