Hi, On Sun, Aug 18, 2024 at 02:39:09PM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Sat, Aug 17, 2024 at 05:34:45PM +0100, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Wed, 2024-07-17 at 15:15 +0300, Michael Tokarev wrote: > > > [ Reason ] > > > There were 2 qemu stable/bugfix releases (7.2.12 and 7.2.13) since > > > the previous debian release, fixing a number of various issues. > > > It would be nice to have these fixes in debian too, so debian users > > > will benefit from the qemu stable series. > > > > > > Among others, this release fixes an important security issue: > > > CVE-2024-4467, #1075824. > > > > > > Unfortunately, this release does not include fix for CVE-2024-6505 > > > (#1075919), since no information about this one is known at this > > > time. > > [...] > > > Maybe it's better to push this update through debian-security > > > instead of regular stable-proposed-updates. Cc'ing > > > [email protected] for this. Or maybe it's better to include > > > just the CVE-2024-4467 fix now in a security update, and revert > > > it for next s-p-u which includes whole upstream thing. > > > > It looks like nothing happened there? > > Sorry for not replying. > > Yes, please let it have fixed via the upcoming point release.
Ah, actually I guess there was no CC at least cannot fine earlier question. But as said the no-dsa entry was already added earlier so at this point and given the point release is on 31th, a point release update including the fix would be welcome. Regards, Salvatore
