CVE-2012-3445

Related Vulnerabilities: CVE-2012-3445  

Debian Bug report logs - #683483
CVE-2012-3445

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Wed, 1 Aug 2012 07:51:02 UTC

Severity: grave

Tags: security

Fixed in versions libvirt/0.9.13-1, libvirt/0.9.12-4

Done: Guido Günther <agx@sigxcpu.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#683483; Package libvirt. (Wed, 01 Aug 2012 07:51:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Wed, 01 Aug 2012 07:51:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-3445
Date: Wed, 01 Aug 2012 09:46:57 +0200
Package: libvirt
Severity: grave
Tags: security

Please see
https://bugzilla.redhat.com/show_bug.cgi?id=844734
https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html

This was assigned CVE-2012-3445

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#683483; Package libvirt. (Wed, 01 Aug 2012 11:09:06 GMT)


Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Wed, 01 Aug 2012 11:09:06 GMT)


Message #10 received at 683483@bugs.debian.org:

From: Guido Günther <agx@sigxcpu.org>
To: Moritz Muehlenhoff <muehlenhoff@univention.de>, 683483@bugs.debian.org
Subject: Re: [Pkg-libvirt-maintainers] Bug#683483: CVE-2012-3445
Date: Wed, 1 Aug 2012 13:07:33 +0200

notfound 0.8.3-5+squeeze2
thanks

On Wed, Aug 01, 2012 at 09:46:57AM +0200, Moritz Muehlenhoff wrote:
> Package: libvirt
> Severity: grave
> Tags: security
> 
> Please see
> https://bugzilla.redhat.com/show_bug.cgi?id=844734
> https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
> 
> This was assigned CVE-2012-3445

Squeeze doesn't have virTypedParameter* so it isn't affected.
Cheers,
 -- Guido

> 
> Cheers,
>         Moritz
> 
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
> 



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#683483; Package libvirt. (Wed, 01 Aug 2012 14:24:05 GMT)


Acknowledgement sent to Moritz Mühlenhoff <muehlenhoff@univention.de>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Wed, 01 Aug 2012 14:24:05 GMT)


Message #15 received at 683483@bugs.debian.org:

From: Moritz Mühlenhoff <muehlenhoff@univention.de>
To: Guido Günther <agx@sigxcpu.org>
Cc: 683483@bugs.debian.org
Subject: Re: [Pkg-libvirt-maintainers] Bug#683483: CVE-2012-3445
Date: Wed, 1 Aug 2012 16:13:51 +0200

On Wednesday, 1 August 2012 13:07:33 Guido Günther wrote:
> notfound 0.8.3-5+squeeze2
> thanks
> 
> On Wed, Aug 01, 2012 at 09:46:57AM +0200, Moritz Muehlenhoff wrote:
> > Package: libvirt
> > Severity: grave
> > Tags: security
> > 
> > Please see
> > https://bugzilla.redhat.com/show_bug.cgi?id=844734
> > https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
> > 
> > This was assigned CVE-2012-3445
> 
> Squeeze doesn't have virTypedParameter* so it isn't affected.
> Cheers,
>  -- Guido

Thanks, I'll update the Security Tracker.

Cheers,
Moritz
-- 
Moritz Mühlenhoff                         muehlenhoff@univention.de
Open Source Software Engineer
Univention GmbH  be open.                        fon: +49 421 22 232- 0
Mary-Somerville-Str.1  28359 Bremen          fax: +49 421 22 232-99
http://www.univention.de



Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Wed, 01 Aug 2012 19:21:40 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Wed, 01 Aug 2012 19:21:40 GMT)


Message #20 received at 683483-close@bugs.debian.org:

From: Guido Günther <agx@sigxcpu.org>
To: 683483-close@bugs.debian.org
Subject: Bug#683483: fixed in libvirt 0.9.13-1
Date: Wed, 01 Aug 2012 19:17:22 +0000
Source: libvirt
Source-Version: 0.9.13-1

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 683483@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 01 Aug 2012 13:14:30 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt libvirt-sanlock
Architecture: source all i386
Version: 0.9.13-1
Distribution: experimental
Urgency: low
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 libvirt-bin - programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt-sanlock - library for interfacing with different virtualization systems
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 683483
Changes: 
 libvirt (0.9.13-1) experimental; urgency=low
 .
   * [6cf501c] New upstream version 0.9.13
   * [8ff7077] Fix CVE-2012-3445 with upstream commit
     6039a2cb49c8af4c68460d2faf365a7e1c686c7b. (Closes: #683483)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFQGRTrn88szT8+ZCYRAnKkAJ0ZCikux4lYqnYDPaGqoVNr5Q8BzQCfUQ2F
npPf4ryR0JaFpdLqg84N9lI=
=Mcvf
-----END PGP SIGNATURE-----




Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Wed, 01 Aug 2012 19:51:07 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Wed, 01 Aug 2012 19:51:08 GMT)


Message #25 received at 683483-close@bugs.debian.org:

From: Guido Günther <agx@sigxcpu.org>
To: 683483-close@bugs.debian.org
Subject: Bug#683483: fixed in libvirt 0.9.12-4
Date: Wed, 01 Aug 2012 19:47:21 +0000
Source: libvirt
Source-Version: 0.9.12-4

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 683483@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 01 Aug 2012 21:12:13 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.9.12-4
Distribution: unstable
Urgency: low
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 libvirt-bin - programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 683483
Changes: 
 libvirt (0.9.12-4) unstable; urgency=low
 .
   * [80ac2a6] Fix CVE-2012-3445 with upstream commit
     6039a2cb49c8af4c68460d2faf365a7e1c686c7b (Closes: #683483)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFQGYTEn88szT8+ZCYRAriDAJ9EemYdEmLM92Ohe85XqZreBtoUUQCeNJ9Z
/N9UNa3/HqheURsMxTd7X/k=
=V8A2
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 30 Aug 2012 07:28:56 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:15:15 2019; Machine Name: beach
