Debian Bug report logs -
#796111
CVE-2015-5160
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 19 Aug 2015 14:57:02 UTC
Severity: normal
Tags: security
Found in versions libvirt/0.9.12-5, libvirt/0.9.12.3-1
Fixed in version libvirt/2.2.0-1
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#796111; Package src:libvirt.
(Wed, 19 Aug 2015 14:57:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>.
(Wed, 19 Aug 2015 14:57:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: libvirt
Severity: normal
Tags: security
This was assigned CVE-2015-5160:
https://www.redhat.com/archives/libvir-list/2011-November/msg00853.html
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#796111; Package src:libvirt.
(Wed, 19 Aug 2015 15:03:14 GMT) (full text, mbox, link).
Acknowledgement sent
to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>.
(Wed, 19 Aug 2015 15:03:14 GMT) (full text, mbox, link).
Message #10 received at 796111@bugs.debian.org (full text, mbox, reply):
Hi,
On Wed, Aug 19, 2015 at 04:53:46PM +0200, Moritz Muehlenhoff wrote:
> Source: libvirt
> Severity: normal
> Tags: security
>
> This was assigned CVE-2015-5160:
> https://www.redhat.com/archives/libvir-list/2011-November/msg00853.html
This is known upstream and needs changes on the QEMU side. As I wrote in
the tracker it affects other storage filesystems as well.
Cheers,
-- Guido
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#796111; Package src:libvirt.
(Wed, 19 Aug 2015 15:09:15 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>.
(Wed, 19 Aug 2015 15:09:15 GMT) (full text, mbox, link).
Message #15 received at 796111@bugs.debian.org (full text, mbox, reply):
On Wed, Aug 19, 2015 at 05:00:53PM +0200, Guido Günther wrote:
> Hi,
> On Wed, Aug 19, 2015 at 04:53:46PM +0200, Moritz Muehlenhoff wrote:
> > Source: libvirt
> > Severity: normal
> > Tags: security
> >
> > This was assigned CVE-2015-5160:
> > https://www.redhat.com/archives/libvir-list/2011-November/msg00853.html
>
> This is known upstream and needs changes on the QEMU side. As I wrote in
> the tracker it affects other storage filesystems as well.
Sure, I had seen that, but it would still be good to track this via the
BTS (especially due to it overlapping with other components).
Cheers,
Moritz
Marked as found in versions libvirt/0.9.12.3-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Wed, 19 Aug 2015 15:33:04 GMT) (full text, mbox, link).
Marked as found in versions libvirt/0.9.12-5.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Wed, 19 Aug 2015 15:54:09 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#796111; Package src:libvirt.
(Fri, 08 Apr 2016 17:06:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Nicholas Luedtke <nicholas.luedtke@hpe.com>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>.
(Fri, 08 Apr 2016 17:06:07 GMT) (full text, mbox, link).
Message #24 received at 796111@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
QEMU seems to be fixed enough to allow a fix for libvirt to go forward.
https://bugzilla.redhat.com/show_bug.cgi?id=1245647
https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg01624.html
--
Nicholas Luedtke
HPE Linux, Hewlett-Packard Enterprise
[signature.asc (application/pgp-signature, attachment)]
Marked as fixed in versions libvirt/2.2.0-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sat, 22 Jul 2017 15:27:03 GMT) (full text, mbox, link).
Marked Bug as done
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Sat, 22 Jul 2017 15:27:04 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Sat, 22 Jul 2017 15:27:04 GMT) (full text, mbox, link).
Message sent on
to Moritz Muehlenhoff <jmm@debian.org>:
Bug#796111.
(Sat, 22 Jul 2017 15:27:05 GMT) (full text, mbox, link).
Message #33 received at 796111-submitter@bugs.debian.org (full text, mbox, reply):
close 796111 2.2.0-1
thanks
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 20 Aug 2017 07:26:32 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:24:57 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon