Hi, On Sat, Aug 17, 2024 at 05:34:45PM +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Wed, 2024-07-17 at 15:15 +0300, Michael Tokarev wrote: > > [ Reason ] > > There were 2 qemu stable/bugfix releases (7.2.12 and 7.2.13) since > > the previous debian release, fixing a number of various issues. > > It would be nice to have these fixes in debian too, so debian users > > will benefit from the qemu stable series. > > > > Among others, this release fixes an important security issue: > > CVE-2024-4467, #1075824. > > > > Unfortunately, this release does not include fix for CVE-2024-6505 > > (#1075919), since no information about this one is known at this > > time. > [...] > > Maybe it's better to push this update through debian-security > > instead of regular stable-proposed-updates. Cc'ing > > [email protected] for this. Or maybe it's better to include > > just the CVE-2024-4467 fix now in a security update, and revert > > it for next s-p-u which includes whole upstream thing. > > It looks like nothing happened there?
Sorry for not replying. Yes, please let it have fixed via the upcoming point release. Regards, Salvatore
