Re: Wheezy update of qemu?

Hi I'll let the person doing the update judge whether the patch is premature or not. Generally I do not think we need to wait for upstream. Best regards // Ola On 24 January 2017 at 08:57, Michael Tokarev wrote: > 24.01.2017 10:42, Ola Lundqvist wrote: >> CVE-2016-9602 > > this is about 9pfs.

Re: Wheezy update of qemu?

On Tue, Jan 24, 2017 at 10:57:11AM +0300, Michael Tokarev wrote: > 24.01.2017 10:42, Ola Lundqvist wrote: > > CVE-2016-9602 > > this is about 9pfs. In wheezy, this is hardly used by anyone, > as it is very slow and quite unstable. But yes, it migth be a > real security issue. Just as a datapoint:

Re: Wheezy update of qemu?

24.01.2017 10:42, Ola Lundqvist wrote: > CVE-2016-9602 this is about 9pfs. In wheezy, this is hardly used by anyone, as it is very slow and quite unstable. But yes, it migth be a real security issue. However, the patch for this issue isn't upstream yet, it is only seen in the redhat bugtracker. I

Re: Wheezy update of qemu?

24.01.2017 00:10, Ola Lundqvist wrote: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of qemu: > https://security-tracker.debian.org/tracker/source-package/qemu > > Some of the issues may be minor but at l

Re: Wheezy update of qemu?

CVE-2016-9602 On 24 January 2017 at 08:38, Michael Tokarev wrote: > 24.01.2017 00:10, Ola Lundqvist wrote: >> Hello dear maintainer(s), >> >> the Debian LTS team would like to fix the security issues which are >> currently open in the Wheezy version of qemu: >> https://security-tracker.debian.org

Wheezy update of qemu-kvm?

Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of qemu-kvm: https://security-tracker.debian.org/tracker/source-package/qemu-kvm The problematic CVE is: CVE-2016-9602 The other ones may be minor so further triag

Wheezy update of qemu?

Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of qemu: https://security-tracker.debian.org/tracker/source-package/qemu Some of the issues may be minor but at least one of them require a DLA. Would you like to ta

Wheezy update of qemu?

Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of qemu: https://security-tracker.debian.org/tracker/source-package/qemu Would you like to take care of this yourself? If yes, please follow the workflow we have def

Wheezy update of qemu?

Hello dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of qemu: https://security-tracker.debian.org/tracker/CVE-2016-8667 Would you like to take care of this yourself? If yes, please follow the workflow we have defined h

Re: Wheezy update of qemu?

On Mon, 2016-06-13 at 20:28 +0300, Michael Tokarev wrote: > 13.06.2016 19:55, Ben Hutchings wrote: > > On Mon, 2016-06-13 at 18:23 +0300, Michael Tokarev wrote: > > > 06.06.2016 04:37, Ben Hutchings wrote: > > > > Hello dear maintainer(s), > > > > > > > > the Debian LTS team would like to fix the

Re: Wheezy update of qemu?

13.06.2016 19:55, Ben Hutchings wrote: > On Mon, 2016-06-13 at 18:23 +0300, Michael Tokarev wrote: >> 06.06.2016 04:37, Ben Hutchings wrote: >>> Hello dear maintainer(s), >>> >>> the Debian LTS team would like to fix the security issues which are >>> currently open in the Wheezy version of qemu: >>

Re: Wheezy update of qemu?

On Mon, 2016-06-13 at 18:23 +0300, Michael Tokarev wrote: > 06.06.2016 04:37, Ben Hutchings wrote: > > Hello dear maintainer(s), > > > > the Debian LTS team would like to fix the security issues which are > > currently open in the Wheezy version of qemu: > > https://security-tracker.debian.org/tra

Re: Wheezy update of qemu?

06.06.2016 04:37, Ben Hutchings wrote: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of qemu: > https://security-tracker.debian.org/tracker/CVE-2016-3710 > https://security-tracker.debian.org/tracker/CVE-2

Re: Wheezy update of qemu-kvm?

On Wed, Jun 08, 2016 at 02:32:55PM +0200, Raphael Hertzog wrote: > Hi, > > On Tue, 07 Jun 2016, Guido Günther wrote: > > I'm not happy with this either. We could try to support it on a best > > effor basis if this helps anything. I assume most people are running not > > with mostly trusted guests.

Re: Wheezy update of qemu-kvm?

Hi, On Tue, 07 Jun 2016, Guido Günther wrote: > I'm not happy with this either. We could try to support it on a best > effor basis if this helps anything. I assume most people are running not > with mostly trusted guests. So we got answers from the sponsors with qemu/qemu-kvm listed and most of t

Re: Wheezy update of qemu-kvm?

Hi Raphael, On Tue, Jun 07, 2016 at 10:16:38AM +0200, Raphael Hertzog wrote: > On Tue, 07 Jun 2016, Guido Günther wrote: > > I do agree it should not have been EOLed yet but given the feedback to > > > > https://lists.debian.org/debian-lts/2016/04/msg2.html > > > > I'll EOL qemu/qemu-kvm

Re: Wheezy update of qemu-kvm?

On Tue, 07 Jun 2016, Guido Günther wrote: > I do agree it should not have been EOLed yet but given the feedback to > > https://lists.debian.org/debian-lts/2016/04/msg2.html > > I'll EOL qemu/qemu-kvm by the end of the week by adding it to > security-support-ended and sending a short annou

Re: Wheezy update of qemu-kvm?

Hi, On Mon, Jun 06, 2016 at 11:19:52PM +0100, Ben Hutchings wrote: > On Mon, 2016-06-06 at 22:33 +0200, Ola Lundqvist wrote: > > Hi Ben > > > > I can see the following note: > > [wheezy] - qemu (Not supported in Wheezy LTS) > > [wheezy] - qemu-kvm (Not supported in Wheezy LTS) > > > > Don't thi

Re: Wheezy update of qemu-kvm?

On Mon, 2016-06-06 at 22:33 +0200, Ola Lundqvist wrote: > Hi Ben > > I can see the following note: > [wheezy] - qemu (Not supported in Wheezy LTS) > [wheezy] - qemu-kvm (Not supported in Wheezy LTS) > > Don't this mean that we should not update this package? There has been discussion of droppi

Re: Wheezy update of qemu?

Hi Ben I can see the following note: [wheezy] - qemu (Not supported in Wheezy LTS) [wheezy] - qemu-kvm (Not supported in Wheezy LTS) Don't this mean that we should not update this package? Cheers // Ola On Mon, Jun 6, 2016 at 3:37 AM, Ben Hutchings wrote: > Hello dear maintainer(s), > > th

Re: Wheezy update of qemu-kvm?

Hi Ben I can see the following note: [wheezy] - qemu (Not supported in Wheezy LTS) [wheezy] - qemu-kvm (Not supported in Wheezy LTS) Don't this mean that we should not update this package? Cheers // Ola On Mon, Jun 6, 2016 at 3:37 AM, Ben Hutchings wrote: > Hello dear maintainer(s), > > th

Re: Wheezy update of qemu?

06.06.2016 04:37, Ben Hutchings wrote: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of qemu: > https://security-tracker.debian.org/tracker/CVE-2016-3710 > https://security-tracker.debian.org/tracker/CVE-2

Wheezy update of qemu-kvm?

Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of qemu-kvm: https://security-tracker.debian.org/tracker/CVE-2015-8666 https://security-tracker.debian.org/tracker/CVE-2016-3710 https://security-tracker.debian.org/tr

Wheezy update of qemu?

Hello dear maintainer(s), the Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of qemu: https://security-tracker.debian.org/tracker/CVE-2016-3710 https://security-tracker.debian.org/tracker/CVE-2016-3712 https://security-tracker.debian.org/tracke