20.02.2014 12:24, Moritz Muehlenhoff wrote: > Package: qemu > Severity: grave > Tags: security > > Hi, > multiple security issues were reported in qemu/KVM: [...]
These are all about the same thing, with references to 23 patches from the same thread starting there: http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html It is about state loading issues, which is about migration between two (hopefully) qemu instances or guest save/load functionality. The first message in the series explains conditions when this can happen. In particular, this conclusion: Considering the preconditions, I think that the impact on typical qemu usage is low. Still, I think these patches make sense for qemu-stable. So it has even been questioned whenever those fixes are good for the next qemu stable release or not. But now I'm not really sure what to do with this bugreport. It is a good amount of work, especially to backport those to wheezy (since code changed significantly since that), with quite low outcome (because the whole thing does not seem very important, even for qemu developers - note that this patchset hasn't been applied still, which might be due to another issue in qemu community). So.. oh well. I'd really love to not backport all this shit to wheezy... ;) Thanks, /mjt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
