Source: qemu Version: 1:2.7+dfsg-3 Severity: important Tags: security upstream patch
Hi, the following vulnerabilities were published for qemu. CVE-2016-9913[0]: 9pfs: adjust the order of resource cleanup in device unrealize CVE-2016-9914[1]: 9pfs: add cleanup operation in FileOperations CVE-2016-9915[2]: 9pfs: add cleanup operation for handle backend driver CVE-2016-9916[3]: 9pfs: add cleanup operation for proxy backend driver If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-9913 [1] https://security-tracker.debian.org/tracker/CVE-2016-9914 [2] https://security-tracker.debian.org/tracker/CVE-2016-9915 [3] https://security-tracker.debian.org/tracker/CVE-2016-9916 Please adjust the affected versions in the BTS as needed. If I'm not mistaken all of those affect as well 2.1 as for jessie, even though the code is slight changed or restructured e.g. for CVE-2016-9913 codepath, but the issue should be there as well. OTOH, I think those might be all no-dsa and can be fixed via a point release. Regards, Salvatore _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
