Control: severity -1 minor

02.06.2013 22:53, Michael Gilbert wrote:
> Package: qemu
> Severity: serious
> version: 1.5.0+dfsg-1
> Tags: security
> 
> Hi,
> An out-of-bounds issue in virtio was published for qemu:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016

Yes, that's the case.  However, the issue is so small, --
they wern't sure it is worth assigning a CVE# for it.
I even forgot to include the fix for it to the latest
1.5.0-3 release.

Setting severity as that.

> I've checked squeeze and wheezy (both qemu and qemu-kvm).  They are
> both not affected.

Thank you for that!

> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Yes, sure.  Thank you for the bugreport and the diagnostics!

/mjt


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to