pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Vulnerability for qemu



Fixed in CVS. It is going to take some hours / days to propagate.

On Sun, Nov 8, 2015 at 11:45 AM, Paul Goyette <paul%vps1.whooppee.com@localhost> wrote:
> Current package vulnerability database reports the following entry for
> qemu:
>
> Package qemu-2.4.1 has a buffer-overflow vulnerability, see
> https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
>
> Following the link gets you to a patch that fixes this issue.  And a
> quick check of pkgsrc's current code shows that this patch has already
> been included.
>
> Therefore, it seems to me that the vulnerability database should be
> updated to indicate that this particular entry no longer applies to
> 2.4.1 (or, presumably, any newer release).
>
> +------------------+--------------------------+-------------------------+
> | Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
> | (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com    |
> | Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org  |
> +------------------+--------------------------+-------------------------+



-- 
The first essential in chemistry is that you should perform practical
work and conduct experiments, for he who performs not practical work
nor makes experiments will never attain the least degree of mastery.
        -- Abu Musa Jabir ibn Hayyan (721-815)


Home | Main Index | Thread Index | Old Index