Stefano, apart from having been curious for a while why we carry a fix for CVE-2013-4540 in our 4.4.1 based tree, patches for CVE-2014-3615 appeared there too recently. What is the maintenance state of the stable qemu upstream trees in regard to security fixes? I would kind of expect that you as the maintainer pick up such fixes (semi-) automatically. Quite likely some of the upstream issues don't directly affect our clones, perhaps simply because we don't build the respective code (at least by default), but I think we should either document such facts or (unless they impose severe risk) we should apply them nevertheless.
Thanks, Jan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
