Bug#882296: qemu: please consider security support for virtio GPU
> Hmm. I'm not sure what do you want to achieve here. And why are you filing a bug for this. Where security support is "marked" to start with? Thanks, /mjt https://security-tracker.debian.org/tracker/CVE-2017-9060 https://security-tracker.debian.org/tracker/CVE-2017-5578 The notes at the bottom assume virtio gpu doesn't need security patches because "1:2.8+dfsg-2 upload reverts enable virtio gpu (virglrenderer) and opengl support" Virtio GPU can be used without virgl 3d accleration. I want to make sure security patches for it aren't ignored in the future.
Bug#882296: qemu: please consider security support for virtio GPU
Package: qemu Version: 1:2.8+dfsg-6 Severity: wishlist security support for Virtio GPU is marked as unimportant because 2.8+dfsg-6 doesn't have virgl and opengl support. Virtio GPU can be used in 2d mode without virgl 3d accleration, I use it in virt-manager with spice (I've been having issues with QXL in guests with newer kernels).
Bug#882296: qemu: please consider security support for virtio GPU
On 21.11.2017 16:45, gr...@airmail.cc wrote: > > https://security-tracker.debian.org/tracker/CVE-2017-9060 > https://security-tracker.debian.org/tracker/CVE-2017-5578 > > The notes at the bottom assume virtio gpu doesn't need security patches > because "1:2.8+dfsg-2 upload reverts enable virtio gpu (virglrenderer) and > opengl support" > > Virtio GPU can be used without virgl 3d accleration. I want to make sure > security patches for it aren't ignored in the fu The mentioned CVEs applies to 3d portion, which is indeed disabled in stretch. These CVEs are only as important as we care about an ussue which only exists in the SOURCE. These parts of qemu aren't compiled into binary shipped in Debian. I don't see a problem with that at all, I don't see why do you want to patch a bug whch does not exists in Debian binary archive. Besides, why are you filing a bugreport about this? :) Thanks, /mjt
Bug#882296: qemu: please consider security support for virtio GPU
Control: tag -1 moreinfo unreproducible On 21.11.2017 10:57, gr...@airmail.cc wrote: > Package: qemu > Version: 1:2.8+dfsg-6 > Severity: wishlist > > security support for Virtio GPU is marked as unimportant because 2.8+dfsg-6 > doesn't have virgl and opengl support. Virtio GPU can be used in 2d mode > without virgl 3d accleration, I use it in virt-manager with spice (I've been > having issues with QXL in guests with newer kernels). > Hmm. I'm not sure what do you want to achieve here. And why are you filing a bug for this. Where security support is "marked" to start with? Thanks, /mjt
