Vulnerability for qemu

To: pkgsrc-users%NetBSD.org@localhost
Subject: Vulnerability for qemu
From: Paul Goyette <paul%vps1.whooppee.com@localhost>
Date: Sun, 8 Nov 2015 18:45:13 +0800 (PHT)

Current package vulnerability database reports the following entry for
qemu:

Package qemu-2.4.1 has a buffer-overflow vulnerability, seehttps://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html


Following the link gets you to a patch that fixes this issue.  And a
quick check of pkgsrc's current code shows that this patch has already
been included.

Therefore, it seems to me that the vulnerability database should be
updated to indicate that this particular entry no longer applies to
2.4.1 (or, presumably, any newer release).

+------------------+--------------------------+-------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com    |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org  |
+------------------+--------------------------+-------------------------+

Follow-Ups:
- Re: Vulnerability for qemu
  - From: Benny Siegert

Prev by Date: Re: omxplayer on Raspberry Pi 2 on NetBSD 7 - anyone succeeded in building
Next by Date: Re: Vulnerability for qemu
Previous by Thread: Default ABI on Darwin
Next by Thread: Re: Vulnerability for qemu
Indexes:

Home | Main Index | Thread Index | Old Index