On 7 August 2018 at 14:09, Daniel P. Berrangé <berra...@redhat.com> wrote: > On Tue, Aug 07, 2018 at 03:07:07PM +0200, Thomas Huth wrote: >> But 864036e251f54c9 was never part of an official QEMU release, was it? >> Or did it go into a stable release already? If not, I think you simply >> need both patches to fix the CVE instead. > > Ah possibly - I didn't look at where 864036e251f54c9 was actually > release or not. If its onyl git master, then yeah, we can use the > same CVE we already have.
Yeah, we haven't released anything with 864036e251f54c9 in it yet. (In particular we did not flag it up for stable and so it is not in 2.12.1...) thanks -- PMM
