** Description changed: + [Impact] + + * Two CVE fixes from upstream and a bunch of packaging fixes from Debian + * The only big change is in binfmt which was discussed in detail in + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866756 + + [Test Case] + + * Full virt regression tests were run before the upload. + Details are in the linked Merge Proposals. + + + [Regression Potential] + + * The external spice-ui is already in the code but non functional, so + adding the related .so files can't regress it from dysfunctional to less + than that :-). It has no impact to other areas of qemu (only when the + new arg is used). + * placing the svg correctly has no drawback I can think of + * the Multi-Arch change also seems safe to me. + * the binfmt registration changes are the only ones with a potential + regression if it turns out to not work. But it follows the guidance of + the binfmt owner (cjwatson) and therefore should be much better by + relying on binfmt itself then coding it in qemu itself. + + [Other Info] + + * This isn't technically an SRU, but I have learned that filling these + templates helps the release Team to accept changes while in 20.04 Freeze + time. + + --- + I was made aware by mdeslaur about CVE-2020-10702 and CVE-2020-11102. While checking for those I also realized that we should pick a few more (cherry picks only to not violate Feature Freeze). This also includes some long term discussions/fixes that I have driven myself or tracked with Debian. Adding those would make Focal better so lets add those fixes before 20.04 release.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872937 Title: Fetch recent CVE and packaging fixes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1872937/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
