Hi Michael,

On Tue, Dec 16, 2025 at 09:26:23AM +0300, Michael Tokarev wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> X-Debbugs-Cc: [email protected], [email protected]
> Control: affects -1 + src:qemu
> User: [email protected]
> Usertags: pu
>
> [ Reason ]
> There are 2 new upstream stable/bugfix releases in the
> 7.2.x LTS branch. The number of fixes this time is
> relatively small, and many of them are to the testsuite,
> in an attempt to keep tests running.
>
> Among other things, this fixes two security issues:
> #1119917, CVE-2025-12464 (buffer overflow in e1000_receive_iov)
> #1117153, CVE-2025-11234 (UAF in websocket handshake code)

Just a question for proper tracking, shouldn't we consider the
CVE-2025-12464 issue only being introduced with 8.1.0 according to the
commit
https://lore.kernel.org/qemu-devel/[email protected]/T/#u
https://gitlab.com/qemu-project/qemu/-/commit/a01344d9d78089e9e585faaeb19afccff2050abf
?

Regards,
Salvatore

