Bug#859599: unblock: qemu/1:2.8+dfsg-4

Wed, 19 Apr 2017 08:42:49 -0700 

19.04.2017 14:31, Michael Tokarev пишет:
> Control: tag -1 - moreinfo
> 
> 18.04.2017 11:06, Niels Thykier wrote:
> 
>>> unblock qemu/1:2.8+dfsg-4
> 
>> Hi Michael,
>>
>> Please go ahead with this change set and let us know once it has been
>> built on all relevant release architectures in unstable.
> 
> Thank you very much!  It wasn't an easy job on your part.
> 
> It's uploaded and built on all release architectures now.

One more thing I forgot to mention.  Besides the already discussed
debdiff there's ONE MORE change I added to the uploaded version,
very small, I forgot to mention debian bug# for CVE-2017-7377 fix.
Here's the diff between the unblock request and the actual upload
(the change is in the changelog, mentioning closing of #859854,
and modified patch headers to include the same info):

diff -u -r qemu-2.8+dfsg-4_/debian/changelog qemu-2.8+dfsg-4/debian/changelog
--- qemu-2.8+dfsg-4_/debian/changelog   2017-04-19 18:35:46.086278674 +0300
+++ qemu-2.8+dfsg-4/debian/changelog    2017-04-03 16:28:49.000000000 +0300
@@ -21,7 +21,7 @@
      vmxnet3-fix-memory-corruption-on-vlan-header-stripping-CVE-2017-6058.patch
   * bump seabios dependency to 1.10.2 due to ahci fix in 2.8.1
   * 9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch
-    Closes: CVE-2017-7377
+    (Closes: #859854, CVE-2017-7377)
   * dma-rc4030-limit-interval-timer-reload-value-CVE-2016-8667.patch
     Closes: #840950, CVE-2016-8667
   * make d/control un-writable to stop users from changing a generated file
diff -u -r 
qemu-2.8+dfsg-4_/debian/patches/9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch
qemu-2.8+dfsg-4/debian/patches/9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch
--- 
qemu-2.8+dfsg-4_/debian/patches/9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch
   2017-04-19 18:35:46.086278674 +0300
+++ 
qemu-2.8+dfsg-4/debian/patches/9pfs-fix-file-descriptor-leak-CVE-2017-7377.patch
    2017-04-03 16:28:49.000000000 +0300
@@ -1,8 +1,8 @@
 From: Li Qiang <liq...@gmail.com>
 Date: Mon, 27 Mar 2017 21:13:19 +0200
-Subject: 9pfs: fix file descriptor leak
+Subject: 9pfs: fix file descriptor leak (CVE-2017-7377)
 Commit-Id: d63fb193e71644a073b77ff5ac6f1216f2f6cf6e
-Bug-Debian: http://security-tracker.debian.org/tracker/CVE-2017-7377
+Bug-Debian: http://bugs.debian.org/859854

 The v9fs_create() and v9fs_lcreate() functions are used to create a file
 on the backend and to associate it to a fid. The fid shouldn't be already

Reply via email to