Hi

On Fri, Aug 2, 2019 at 2:19 PM Peter Maydell <peter.mayd...@linaro.org> wrote:
>
> On Wed, 31 Jul 2019 at 19:17, Peter Maydell <peter.mayd...@linaro.org> wrote:
> >
> > On Wed, 31 Jul 2019 at 19:05, Philippe Mathieu-Daudé <phi...@redhat.com> wrote:
> > >
> > > > Unless there are any release critical bugs discovered, this
> > > > will be the last release candidate before final release of 4.1.0
> > > > on the 6th August. Otherwise we'll do an rc4 and release on
> > > > the 13th August.
> > >
> > > We forgot to update the slirp submodule :(
> >
> > Were there any RC bugs in it?
>
> Ping! If we want to put this into an rc4 can we have a
> pull request with a justification on the mailing list
> sooner rather than later, please?

It's about CVE-2019-14378, which Samuel fixed a few days ago:
https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210

Imho, it's not a regression, so no need to delay the qemu release. I would
encourage distributions to switch to the shared library version
instead, so they can more easily and quickly apply updates.

--
Marc-André Lureau