06.06.2016 04:37, Ben Hutchings wrote: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of qemu: > https://security-tracker.debian.org/tracker/CVE-2016-3710 > https://security-tracker.debian.org/tracker/CVE-2016-3712 > https://security-tracker.debian.org/tracker/CVE-2016-5238 > > Would you like to take care of this yourself?
I was thinking about doing so for quite some time, and tried to find some time and energy for that. There are a big bunch of new (but less important) security probs even in testing, and even more in jessie, all of which needs fixing. Note that qemu and qemu-kvm needs exactly the same attention in wheezy, basically it is the same codebase, we were just a bit too late to make it single package as we did for jessie. So the same changes need to be made for both packages. > If yes, please follow the workflow we have defined here: > https://wiki.debian.org/LTS/Development > > If that workflow is a burden to you, feel free to just prepare an > updated source package and send it to [email protected] > (via a debdiff, or with an URL pointing to the source package, > or even with a pointer to your packaging repository), and the members > of the LTS team will take care of the rest. Indicate clearly whether you > have tested the updated package or not. > > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. Fixing just the mentioned 3 issues isn't a problem, it can be done more or less quickly. Fixing other things is more difficult. So I'll keep the issue unclaimed for now. Thanks, /mjt
