Your message dated Tue, 29 Jan 2013 21:03:06 +0000 with message-id <e1u0ikg-0003kj...@franck.debian.org> and subject line Bug#699224: fixed in libvirt 0.9.12-6 has caused the Debian Bug report #699224, regarding libvirt [CVE-2013-0170]: libvirt Use-After-Free May Let Remote Users Execute Arbitrary Code to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 699224: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699224 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libvirt Severity: grave Tags: security patch Justification: user security hole Hi, please see : https://bugzilla.redhat.com/show_bug.cgi?id=893450 http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720 The Debian package in unstable looks affected. Can you check if the stable version is affected too? Cheers, luciano
--- End Message ---
--- Begin Message ---Source: libvirt Source-Version: 0.9.12-6 We believe that the bug you reported is fixed in the latest version of libvirt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 699...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guido Günther <a...@sigxcpu.org> (supplier of updated libvirt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 29 Jan 2013 21:02:05 +0100 Source: libvirt Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt Architecture: source all i386 Version: 0.9.12-6 Distribution: unstable Urgency: low Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintain...@lists.alioth.debian.org> Changed-By: Guido Günther <a...@sigxcpu.org> Description: libvirt-bin - programs for the libvirt library libvirt-dev - development files for the libvirt library libvirt-doc - documentation for the libvirt library libvirt0 - library for interfacing with different virtualization systems libvirt0-dbg - library for interfacing with different virtualization systems python-libvirt - libvirt Python bindings Closes: 697852 699128 699224 699281 Changes: libvirt (0.9.12-6) unstable; urgency=low . * [78a3a68] Revert "rpc: Discard non-blocking calls only when necessary" Thanks to Jiri Denemark for the patch and Philipp Hahn for debugging * [5b4dc1a] qemu: Fix off-by-one error while unescaping monitor strings. Thanks to Peter Krempa for the patch and Philipp Hahn for debugging this (Closes: #699281) * [372f53d] rpc: Fix crash on error paths of message dispatching. This fixes CVE-2013-0170 Thanks to Peter Krempa (Closes: #699224) * [2a2a60e] Make python-libvirt depend on the exact same libvirt0 version (Closes: #697852, #699128) Checksums-Sha1: e63fd3366c1ff7b9f3a40efafe4415f1e663aee5 2276 libvirt_0.9.12-6.dsc 9c2a7ebb0443e0f9f2a28f04627650e39eacf762 39403 libvirt_0.9.12-6.debian.tar.gz 09f8d021b8f7ac6ce800899f81a24a23a6a5fc8b 2174106 libvirt-doc_0.9.12-6_all.deb 463fc4186e3f3588768e001d284a30a1ac900771 2333552 libvirt-bin_0.9.12-6_i386.deb 227455ddf4c4c3d5ceacf7eb28f8750bd5e53ccf 2122184 libvirt0_0.9.12-6_i386.deb e8baee85b442b4684d2d9b6bc63f64d692ccf1e7 7471272 libvirt0-dbg_0.9.12-6_i386.deb 025018d355dc745eba3ea262efb5580a4cdf6f77 2503610 libvirt-dev_0.9.12-6_i386.deb 074f4d10074ad3c985676d6e30398f0eea97f621 1420600 python-libvirt_0.9.12-6_i386.deb Checksums-Sha256: 96b5f922c87ec9670ffd3c3e55208a16630ffb1f086e0eb16a2564a83431b002 2276 libvirt_0.9.12-6.dsc 04be65c9cba6b35ade0aac3ff88c3a79e071e2f44882bf7fa943e5740db80885 39403 libvirt_0.9.12-6.debian.tar.gz 954f2ba444d177e5164735d2beb083605eefa795a84f99645e494660bbc1403a 2174106 libvirt-doc_0.9.12-6_all.deb b9961c151811b7f83444e194be26cd8a0bd53774bda7200e6c6075e96b55f518 2333552 libvirt-bin_0.9.12-6_i386.deb d67dd2bb41ef1ccd606412b82c37823da13731e72b83fcd5acc502174441839a 2122184 libvirt0_0.9.12-6_i386.deb 738e372662efa24d171b2e99657ea885794b7de19e05f0605dbbe6746bc1713d 7471272 libvirt0-dbg_0.9.12-6_i386.deb 90323706feffa2c64b36003f435927d29e39a80fe0a9b0ad8c9918b4107ef5a6 2503610 libvirt-dev_0.9.12-6_i386.deb 529a5b80951c1cb306d989b6b920bb437902f5398bed174362ece45e51885c59 1420600 python-libvirt_0.9.12-6_i386.deb Files: 4a748f53080a86a2488309dc0bf9574f 2276 libs optional libvirt_0.9.12-6.dsc d3c30544e35e0fffccb69a51dda2d301 39403 libs optional libvirt_0.9.12-6.debian.tar.gz 7526e0a5973d4cb38b90d383794272d8 2174106 doc optional libvirt-doc_0.9.12-6_all.deb 61e72b967ab46f9e86551bff138de7d1 2333552 admin optional libvirt-bin_0.9.12-6_i386.deb 18c1efd956ed901c41465ca8bf6764f8 2122184 libs optional libvirt0_0.9.12-6_i386.deb 94d597663ae660358e1f7626500c6767 7471272 debug extra libvirt0-dbg_0.9.12-6_i386.deb e237b11fdd69e27654a2a0758415d80b 2503610 libdevel optional libvirt-dev_0.9.12-6_i386.deb 6c5763c5cef5dd01d2d137f224591061 1420600 python optional python-libvirt_0.9.12-6_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRCDYSn88szT8+ZCYRAgp7AJ9fUj7z8sx5+IZdQE0snoR49CLvOACfZXe6 G7Gvr9gWyqjgvmLB72Ye698= =RXZv -----END PGP SIGNATURE-----
--- End Message ---
