18.04.2014 15:40, Adam D. Barratt wrote: > On 2014-04-13 19:05, Michael Tokarev wrote: [] >>>> There's a pending security update for qemu fixing CVE-2014-0150 (#744221), >>>> which uploads +deb7u1 for both qemu and qemu-kvm, fwiw. >>> >>> Okay, thanks. >>> >>> I guess the stable updates should be +deb7u2 then, incorporating the u1 >>> upload, once it's released. >> >> Yes indeed. And I want to take care of this, again, once security fix will >> be released. > > I noticed that the security updates have now been released. > > Not wishing to chase, just a gentle reminder that the window for getting > updates in to 7.5 closes over the weekend. (Although getting in to 7.6 > instead is presumably not a huge problem.)
I've another security bugfix for qemu+qemu-kvm, CVE-2014-2894, assigned today, see https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html The fix is also one-liner. Maybe we can combine the two - this #742386 and CVE-2014-2894 - into single pu? If not, I guess I'll go with this #742386 first and CVE-2014-2894 on top of it. Thanks, /mjt -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53511284.7070...@msgid.tls.msk.ru