libvirt: CVE-2013-2230

Debian Bug report logs - #715559
libvirt: CVE-2013-2230

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: libvirt: CVE-2013-2230

Date: Wed, 10 Jul 2013 14:48:48 +0200

Package: libvirt
Severity: grave
Tags: security

This was assigned CVE-2013-2230:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=f38c8185f97720ecae7ef2291fbaa5d6b0209e17

Since it was introduced with http://libvirt.org/git/?p=libvirt.git;a=commit;h=abf75aea
oldstable and stable should not be affected. If you think otherwise, please contact
team@security.debian.org

Cheers,
        Moritz

Message #14 received at 715559-close@bugs.debian.org (full text, mbox, reply):

From: Guido Günther <agx@sigxcpu.org>

To: 715559-close@bugs.debian.org

Subject: Bug#715559: fixed in libvirt 1.1.0-3

Date: Tue, 16 Jul 2013 15:20:17 +0000

Source: libvirt
Source-Version: 1.1.0-3

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 715559@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 16 Jul 2013 16:03:40 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt libvirt-sanlock
Architecture: source i386 all
Version: 1.1.0-3
Distribution: unstable
Urgency: low
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 libvirt-bin - programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt-sanlock - library for interfacing with different virtualization systems
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 715200 715559 717059
Changes: 
 libvirt (1.1.0-3) unstable; urgency=low
 .
   * [3a2a899] Create directory for lease files if it's missing
     (Closes: #715200)
   * [000df64] Don't assume EXAMPLES_DIR exists as seen on the autobuilders
     (Closes: #717059)
   * [8369f65] Fix crash when multiple event callbacks were registered.
     CVE-2013-2230. Thanks to Ján Tomko (Closes: #715559)
Checksums-Sha1: 
 25665007c455ba0060deecb4f6cebca61653d50d 2511 libvirt_1.1.0-3.dsc
 88f5d79086b306fe1bf8c99c03080689fb5df8b5 41163 libvirt_1.1.0-3.debian.tar.gz
 122ef4823370f0efdee30610b241286b80f66f85 4092632 libvirt-bin_1.1.0-3_i386.deb
 f75e5f100e3c91f3926e87c9e8ff35ddc6797f4f 2386726 libvirt0_1.1.0-3_i386.deb
 0872ace14beeadbbaaa4b8de53a0a4b02505aec6 10589226 libvirt0-dbg_1.1.0-3_i386.deb
 43130dfda3ac6de1e311a56ccebc7b7570a1d42f 2749556 libvirt-doc_1.1.0-3_all.deb
 5dcea3c704ef39d332d669ce86c772e465887bd7 1512358 libvirt-dev_1.1.0-3_i386.deb
 4ff8869ed80e1ffc94849c71b2428c396ce7d0ac 1678670 python-libvirt_1.1.0-3_i386.deb
 47d9875d95d0563fb5da9304914a453e625e34d1 1507030 libvirt-sanlock_1.1.0-3_i386.deb
Checksums-Sha256: 
 d6fd0bf0d62f7d09035962923e00a60efb6dace88a6adc478ae5878797e7a6fa 2511 libvirt_1.1.0-3.dsc
 468455e2e0744e279249bf285daef3828123639f1dcd192ea6464a4f434947c3 41163 libvirt_1.1.0-3.debian.tar.gz
 2003d27ea573d4ebbf854131762355f009c5ff8b20133e17a6cd2d1aae879812 4092632 libvirt-bin_1.1.0-3_i386.deb
 783173a0777b1867b234d3de33f308af60e5b5f4adba34b9062e226c004c1b2f 2386726 libvirt0_1.1.0-3_i386.deb
 52aabe0cb835aea57550a8972df0a8b792be1b02f7727be26e1e6e998a5f6815 10589226 libvirt0-dbg_1.1.0-3_i386.deb
 64cb04a9d00454742c0428f03e55294308332ab2bf8749226c31177aea1402c0 2749556 libvirt-doc_1.1.0-3_all.deb
 37bf4a1fced70d1169d4fd0a2a56ecbec7dd6cbd406dd608c62dd670a8023072 1512358 libvirt-dev_1.1.0-3_i386.deb
 dba77c14207c79498f60d3573eff71d10857a74dcd45a8b03d7b44aa23f42b68 1678670 python-libvirt_1.1.0-3_i386.deb
 096296faba5ec1ca5655a69e57a9de04daad08eafa9ab53e35284f0b93b610d4 1507030 libvirt-sanlock_1.1.0-3_i386.deb
Files: 
 1a63191906908a34df7b35141edf4cf2 2511 libs optional libvirt_1.1.0-3.dsc
 4fac04324955925e7ca5ee517e535dcd 41163 libs optional libvirt_1.1.0-3.debian.tar.gz
 a8f0bc01d1af023385dda1d3180a670a 4092632 admin optional libvirt-bin_1.1.0-3_i386.deb
 60d96c719b7cee96d126a476bc08f1f9 2386726 libs optional libvirt0_1.1.0-3_i386.deb
 debde979e2dbe02cde5aed3017b17cf0 10589226 debug extra libvirt0-dbg_1.1.0-3_i386.deb
 d34cc040192aa5a2fa535a213c90dec1 2749556 doc optional libvirt-doc_1.1.0-3_all.deb
 ea088565a55fd4ff337c150a87183cda 1512358 libdevel optional libvirt-dev_1.1.0-3_i386.deb
 018faef857636dfcbdde03283402969b 1678670 python optional python-libvirt_1.1.0-3_i386.deb
 aaa4e10cfb52778abca0557a716b0a69 1507030 libs extra libvirt-sanlock_1.1.0-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFR5Vfun88szT8+ZCYRAp9rAJ4yo5JrEdZ+dbz9S4fXjYKctPp3oQCfW/4V
fq/fGFE7Ud1ejhy/LEKCD40=
=a0LM
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.