2020-04-16 09:40:58 |
Christian Ehrhardt |
description |
I was made aware by mdeslaur about CVE-2020-10702 and CVE-2020-11102.
While checking for those I also realized that we should pick a few more (cherry picks only to not violate Feature Freeze).
This also includes some long-term discussions/fixes that I have driven myself or tracked with Debian. Adding those would make Focal better, so let's add those fixes before the 20.04 release. |
[Impact]
* Two CVE fixes from upstream and a bunch of packaging fixes from Debian
* The only big change is in binfmt which was discussed in detail in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866756
[Test Case]
* Full virt regression tests were run before the upload.
Details are in the linked Merge Proposals.
[Regression Potential]
* The external spice-ui is already in the code but non-functional, so
adding the related .so files can't regress it from dysfunctional to less
than that :-). It has no impact to other areas of qemu (only when the
new arg is used).
* placing the svg correctly has no drawback I can think of
* the Multi-Arch change also seems safe to me.
* the binfmt registration changes are the only ones with a potential
regression if it turns out to not work. But it follows the guidance of
the binfmt owner (cjwatson) and therefore should be much better by
relying on binfmt itself than coding it in qemu itself.
[Other Info]
* This isn't technically an SRU, but I have learned that filling these
templates helps the release Team to accept changes while in 20.04 Freeze
time.
---
I was made aware by mdeslaur about CVE-2020-10702 and CVE-2020-11102.
While checking for those I also realized that we should pick a few more (cherry picks only to not violate Feature Freeze).
This also includes some long-term discussions/fixes that I have driven myself or tracked with Debian. Adding those would make Focal better, so let's add those fixes before the 20.04 release. |