libvirt: CVE-2013-4400 / CVE-2013-4401

Related Vulnerabilities: CVE-2013-4400   CVE-2013-4401   CVE-2013-4288  

Debian Bug report logs - #727101
libvirt: CVE-2013-4400 / CVE-2013-4401


Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Tue, 22 Oct 2013 10:15:01 UTC

Severity: important

Tags: patch, security

Fixed in version libvirt/1.1.4~rc2-1

Done: Guido Günther <agx@sigxcpu.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#727101; Package libvirt. (Tue, 22 Oct 2013 10:15:06 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Tue, 22 Oct 2013 10:15:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libvirt: CVE-2013-4400 / CVE-2013-4401
Date: Tue, 22 Oct 2013 12:06:53 +0200
Package: libvirt
Severity: important
Tags: security patch
Justification: user security hole

Please see
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4400
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4401

oldstable/stable is not affected.

Cheers,
        Moritz



Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Sun, 03 Nov 2013 11:36:09 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 03 Nov 2013 11:36:09 GMT)


Message #10 received at 727101-close@bugs.debian.org:

From: Guido Günther <agx@sigxcpu.org>
To: 727101-close@bugs.debian.org
Subject: Bug#727101: fixed in libvirt 1.1.4~rc2-1
Date: Sun, 03 Nov 2013 11:33:41 +0000
Source: libvirt
Source-Version: 1.1.4~rc2-1

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 727101@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 03 Nov 2013 11:44:18 +0100
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt libvirt-sanlock
Architecture: source i386 all
Version: 1.1.4~rc2-1
Distribution: experimental
Urgency: low
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 libvirt-bin - programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt-sanlock - library for interfacing with different virtualization systems
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 725261 727101
Changes: 
 libvirt (1.1.4~rc2-1) experimental; urgency=low
 .
   * [b56f727] Add option to mount cgroups during daemon start.  The init
     script can mount each control group to a different mount point
     prior to starting libvirt bin. This allows running qemu and lxc guests
     together without using systemd.
     Thanks to Manuel VIVES (Closes: #725261)
   * [e044f56] New upstream version 1.1.4~rc2 (Closes: #727101)
   * [d046906] Update symbols file
   * [6a8cd2d] Update patches
   * [ac24680] Lower policykit-1 build-dep since CVE-2013-4288 was fixed in
     unstable by patching policykit instead of moving the new upstream version
     from unstable.
Checksums-Sha1: 
Checksums-Sha256: 
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSdi9+n88szT8+ZCYRArtCAJ9pBGYVyuuBPR6Q2owEeTR/3ct4ogCggKNX
5N4UahTP8CZ/J852S3Tj40k=
=SErs
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 02 Dec 2013 07:25:30 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:46:27 2019; Machine Name: beach
