On Wed, Jan 08, 2014 at 07:16:18AM +0100, Salvatore Bonaccorso wrote:
> Package: libvirt
> Severity: grave
> Tags: security upstream patch fixed-upstream
>
> Hi Guido,
>
> Disclaimer: I have not checked to reproduce the crash, just shortly
> checked latest unstable version. Have set grave as per "[...] could
> allow an attacker who is able to establish a read-only connection to
> libvirtd to crash libvirtd".

I do think it affects all releases.
Cheers,
 -- Guido

>
> the following vulnerability was published for libvirt.
>
> CVE-2013-6458[0]:
> job usage issue in several APIs leading to libvirtd crash
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458
>     http://security-tracker.debian.org/tracker/CVE-2013-6458
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1048631
> [2] http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
>     (upstream fix)
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore