On Thu, Sep 08, 2016 at 06:45:28AM -0400, Roberto C. Sánchez wrote:
> On Thu, Sep 08, 2016 at 07:29:55AM +0200, Guido Günther wrote:
> > 
> > If you find useful information on e.g. how to reproduce the bug or about
> > the proper upstream fix use
> > 
> >    NOTE:
> > 
> > See e.g. this entry from the top of the current data/CVE/list:
> > 
> > 
> > CVE-2016-7155 [scsi: pvscsi: OOB read and infinite loop while setting descriptor rings]
> >         - qemu <unfixed>
> >         - qemu-kvm <removed>
> >         NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html
> >         NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373462
> >         NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/2
> > 
> 
> Thanks for the explanation.  It looks like someone already annotated
> icu, so I will keep this in mind for next time.

Thanks.

And please add that to the checklist/onboarding process of new people working 
on Freexian/LTS.

Cheers,
        Moritz
