Hi

On Fri, Aug 2, 2019 at 2:19 PM Peter Maydell <peter.mayd...@linaro.org> wrote:
>
> On Wed, 31 Jul 2019 at 19:17, Peter Maydell <peter.mayd...@linaro.org> wrote:
> >
> > On Wed, 31 Jul 2019 at 19:05, Philippe Mathieu-Daudé <phi...@redhat.com> 
> > wrote:
> > >
> > > >   Unless there are any release critical bugs discovered, this
> > > >   will be the last release candidate before final release of 4.1.0
> > > >   on the 6th August. Otherwise we'll do an rc4 and release on
> > > >   the 13th August.
> > >
> > > We forgot to update the slirp submodule :(
> >
> > Were there any RC bugs in it?
>
> Ping! If we want to put this into an rc4 can we have a
> pull request with a justification on the mailing list
> sooner rather than later, please?

It's about a CVE-2019-14378, that Samuel fixed a few days ago:
https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210

Imho, it's not a regression, so no need to delay qemu release.

I would encourage distributions to switch to the shared library
version instead, so they can more easily and quickly apply updates.

-- 
Marc-André Lureau

Reply via email to