06.06.2016 04:37, Ben Hutchings wrote: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of qemu: > https://security-tracker.debian.org/tracker/CVE-2016-3710 > https://security-tracker.debian.org/tracker/CVE-2016-3712 > https://security-tracker.debian.org/tracker/CVE-2016-5238
Why these 3? I can see why you want to fix the 2 VGA vulns (3710 & 3712 above), but 5238? Note that while the bug might look more or less serious, the device in question is not a very commonly used one. I don't know if it is used at all. More, this prob is nearly impossibe to hit in practice. And even more, this prob isn't fixed in sid yet, as of today the fix hasn't landed in upstream git still. VGA bugs are worth to fix for sure. /mjt
