Debian Bug report logs - #687598
libvirt: CVE-2012-4423
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 14 Sep 2012 06:30:02 UTC
Severity: grave
Tags: security
Fixed in version libvirt/0.9.12-5
Done: Guido Günther <agx@sigxcpu.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>: Bug#687598; Package libvirt. (Fri, 14 Sep 2012 06:30:04 GMT)
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Fri, 14 Sep 2012 06:30:04 GMT)
Message #5 received at submit@bugs.debian.org:
Package: libvirt
Severity: grave
Tags: security
Justification: user security hole
This has been assigned CVE-2012-4423:
https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html
Cheers,
Moritz
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>: Bug#687598; Package libvirt. (Fri, 14 Sep 2012 20:45:03 GMT)
Acknowledgement sent to Guido Günther <agx@sigxcpu.org>: Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Fri, 14 Sep 2012 20:45:03 GMT)
Message #10 received at 687598@bugs.debian.org:
On Fri, Sep 14, 2012 at 08:25:34AM +0200, Moritz Muehlenhoff wrote:
> Package: libvirt
> Severity: grave
> Tags: security
> Justification: user security hole
>
> This has been assigned CVE-2012-4423:
> https://www.redhat.com/archives/libvir-list/2012-September/msg00843.html
According to https://www.redhat.com/archives/libvir-list/2012-September/msg00928.html
the regression was introduced in 0.9.3 so stable isn't affected. Build
for wheezy is forthcoming.
Cheers,
-- Guido
>
> Cheers,
> Moritz
Reply sent to Guido Günther <agx@sigxcpu.org>: You have taken responsibility. (Fri, 14 Sep 2012 21:21:06 GMT)
Notification sent to Moritz Muehlenhoff <jmm@inutil.org>: Bug acknowledged by developer. (Fri, 14 Sep 2012 21:21:06 GMT)
Message #15 received at 687598-close@bugs.debian.org:
Source: libvirt
Source-Version: 0.9.12-5
We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 687598@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.8
Date: Fri, 14 Sep 2012 22:35:08 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.9.12-5
Distribution: unstable
Urgency: high
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description:
 libvirt-bin - programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 687598
Changes:
 libvirt (0.9.12-5) unstable; urgency=high
 .
   * Setting urgency to high since it's a security only fix
   * [c0f4995] New patch security-Fix-libvirtd-crash-possibility.patch.
     Fix libvirtd crash possibility (CVE-2012-4423)
     Thanks to Martin Kletzander (Closes: #687598)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 13 Oct 2012 07:26:53 GMT)
Last modified: Wed Jun 19 15:04:12 2019