Hi, On Mon, Jun 15, 2015 at 04:53:00PM +0200, Michael Banck wrote: > Hello, > > The VENOM vulnerability is unfixed in squeeze (except for > squeeze-backports): > > https://security-tracker.debian.org/tracker/CVE-2015-3456 > > Even though qemu is not supported in squeeze-lts, I propose to fix this > particular vulnerability due to its severity, but make clear in the DLA > that qemu is not supported in general (as suggest by Raphael Hertzog). > > I have attached a debdiff with the backported patch for fdc.c from [1] > and I'd appreciate review comments.
The patch looks sane to me - did you it? Althouh we don't support QEMU in LTS a security bug fixed is a security bug fixed so I'd say go ahead with the upload/dls if nobody else objects. If I can help with anything or should handle the DLA let me know. Cheers, -- Guido -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
