Re: qemu: CVE-2016-7116

2016-09-06 Thread Hugo Lefeuvre
Hi Balint, > I took the liberty of claiming qemu-kvm for you in dla-needed.txt. Thanks! > There are also new issues reported today for qemu. I've had a quick look at them, but I'd like to fix CVE-2016-7116 first. In fact, reproducing this issue turned out to be a bit more difficult than

Re: qemu: CVE-2016-7116

2016-09-05 Thread Thorsten Alteholz
Hi Hugo and Guido, On Mon, 5 Sep 2016, Hugo Lefeuvre wrote: There are several "versions" of Plan 9 currently. The Bell one, which is rather inactive, and a forked one, 9front, which seems to be under active development[0]. oh, great, I "found" the wrong one. I wasn't sure whether we should do

Re: qemu: CVE-2016-7116

2016-09-05 Thread Hugo Lefeuvre
Hi Thorsten, > > "A privileged user inside guest could use this flaw to access undue > > files on the host." > > ... you should also cite: > "... host directory sharing via Plan 9 File System(9pfs) support ..." > > The latest news on [1] is from 2008. I am not sure whether there are really >

Re: qemu: CVE-2016-7116

2016-09-04 Thread Guido Günther
On Sun, Sep 04, 2016 at 08:06:11PM +0200, Thorsten Alteholz wrote: > Hi Guido, > > On Sun, 4 Sep 2016, Guido Günther wrote: > > no-dsa should be used very scarcely in LTS since we don't have a s-p-u > > to fix minor issues and reading the RedHat entry[1]: > > yes, but ... > > > "A privileged

Re: qemu: CVE-2016-7116

2016-09-04 Thread Thorsten Alteholz
Hi Guido, On Sun, 4 Sep 2016, Guido Günther wrote: no-dsa should be used very scarcely in LTS since we don't have a s-p-u to fix minor issues and reading the RedHat entry[1]: yes, but ... "A privileged user inside guest could use this flaw to access undue files on the host." ... you

Re: qemu: CVE-2016-7116

2016-09-04 Thread Guido Günther
Hi Thorsten, On Sun, Sep 04, 2016 at 05:23:40PM +0200, Thorsten Alteholz wrote: > Hi Hugo, > > are you aware that this CVE is marked as in Jessie and soon will be > in Wheezy as well. > > So unless you disagree with this , it would be better to avoid any > potential regression and not upload

Re: qemu: CVE-2016-7116

2016-09-04 Thread Hugo Lefeuvre
> Yes, qemu is supported (and there was lots of file renaming after > the Wheezy version). If you handle qemu please look at qemu-kvm as well > (they're the same version). Thanks for the hint. By the way, could you explain to me why this CVE is still labeled RESERVED, although a public fix

Re: qemu: CVE-2016-7116

2016-09-03 Thread Guido Günther
On Fri, Sep 02, 2016 at 12:12:17PM +0200, Hugo Lefeuvre wrote: > Hi, > > I've had a quick look at CVE-2016-7116[0] and would be interested in working > on > it. Upstream provided a patch[1], which looks 'relatively' simple and seems to > apply well with some adaptations. However, the names of

qemu: CVE-2016-7116

2016-09-02 Thread Hugo Lefeuvre
Hi, I've had a quick look at CVE-2016-7116[0] and would be interested in working on it. Upstream provided a patch[1], which looks 'relatively' simple and seems to apply well with some adaptations. However, the names of the concerned files have changed[2] (e.g. virtio-9p.c -> 9p.c). I think this