On Thu, Sep 08, 2016 at 10:22:36PM +0200, Hugo Lefeuvre wrote: > diff -Nru qemu-1.1.2+dfsg/debian/patches/series > qemu-1.1.2+dfsg/debian/patches/series > --- qemu-1.1.2+dfsg/debian/patches/series 2016-07-29 18:22:00.000000000 > +0200 > +++ qemu-1.1.2+dfsg/debian/patches/series 2016-09-07 11:23:34.000000000 > +0200 > @@ -1,3 +1,8 @@ > +# 3 patches to fix CVE-2016-7116 > +security/CVE-2016-7116-fix-walk-root-dir.patch > +security/CVE-2016-7116-forbid-illegal-path-names.patch > +security/CVE-2016-7116-forbid-illegal-file-names.patch > + > 02_kfreebsd.patch > qemu-ifunc-sparc.patch > configure-nss-usbredir.patch
Minor nitpick: It's better to add the patches at the end of the series file to keep the order of security updates (in case patches build on each other), this also groups all security updates after the release nicely and makes it easy to spot the last additions. Cheers, -- Guido
