On 21.11.2017 16:45, [email protected] wrote: > > https://security-tracker.debian.org/tracker/CVE-2017-9060 > https://security-tracker.debian.org/tracker/CVE-2017-5578 > > The notes at the bottom assume virtio gpu doesn't need security patches > because "1:2.8+dfsg-2 upload reverts enable virtio gpu (virglrenderer) and > opengl support" > > Virtio GPU can be used without virgl 3d accleration. I want to make sure > security patches for it aren't ignored in the fu
The mentioned CVEs applies to 3d portion, which is indeed disabled in stretch. These CVEs are only as important as we care about an ussue which only exists in the SOURCE. These parts of qemu aren't compiled into binary shipped in Debian. I don't see a problem with that at all, I don't see why do you want to patch a bug whch does not exists in Debian binary archive. Besides, why are you filing a bugreport about this? :) Thanks, /mjt
