Hello,
These CVEs have not been dealth with in the ports tree yet. I'm not sure
if non-devel qemu or static/sbruno/etc flavors are also vulnerable?
Maybe Xen stuff? Can someone lend a hand?
Thanks!
Details
Details
- Reviewers
bofh - Commits
- rP405027: emulators/qemu-devel: Update version 2.4.0=>2.5.0
Diff Detail
Diff Detail
- Repository
- rP FreeBSD ports repository
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Comment Actions
Regarding emulators/qemu,
It may be vulnerable and we do have CVE-2015-5154, CVE-2015-5166, CVE-2015-5165 from a prior PR still valid against this. In https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202402#c17 Sean brought up getting guidance from Juergen on a way ahead.
Regarding emulators/qemu-sbruno and emulators/qemu-user-static,
They would be impacted and it looks like https://github.com/seanbruno/qemu-bsd-user will need a fresh pull from upstream.
Regarding Xen,
I don't see any security advisory from them just yet at http://xenbits.xen.org/xsa/
Comment Actions
As a cross reference (for CVE-2015-5225 at least)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203112
Comment Actions
I suspect that this might be a deprecated review at this time. emulators/qemu now tracks the stable release of QEMU.