regression in 0.8.8 reopens security issue

Related Vulnerabilities: CVE-2011-2178  

Debian Bug report logs - #629128
regression in 0.8.8 reopens security issue


Reported by: "Thijs Kinkhorst" <thijs@debian.org>

Date: Fri, 3 Jun 2011 18:15:04 UTC

Severity: serious

Tags: patch

Found in version 0.8.8-1

Fixed in version libvirt/0.9.1-2

Done: Laurent Léonard <laurent@open-minds.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#629128; Package libvirt. (Fri, 03 Jun 2011 18:15:07 GMT)


Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Fri, 03 Jun 2011 18:15:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: "Thijs Kinkhorst" <thijs@debian.org>
To: submit@bugs.debian.org
Subject: regression in 0.8.8 reopens security issue
Date: Fri, 3 Jun 2011 20:14:12 +0200

Package: libvirt
Version: 0.8.8-1
Severity: serious
Tags: patch

Hi,

Version 0.8.8 introduced a regression which reopens a security issue.
Please see:
https://bugzilla.redhat.com/show_bug.cgi?id=709769
https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html

Can you ensure that unstable and testing are fixed? Please reference
CVE-2011-2178 in your changelog when you fix this issue.


Thanks,
Thijs




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#629128; Package libvirt. (Fri, 03 Jun 2011 19:09:03 GMT)


Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Fri, 03 Jun 2011 19:09:03 GMT)


Message #10 received at 629128@bugs.debian.org:

From: Guido Günther <agx@sigxcpu.org>
To: Thijs Kinkhorst <thijs@debian.org>, 629128@bugs.debian.org
Subject: Re: [Pkg-libvirt-maintainers] Bug#629128: regression in 0.8.8 reopens security issue
Date: Fri, 3 Jun 2011 21:06:16 +0200

On Fri, Jun 03, 2011 at 08:14:12PM +0200, Thijs Kinkhorst wrote:
> Package: libvirt
> Version: 0.8.8-1
> Severity: serious
> Tags: patch
> 
> Hi,
> 
> Version 0.8.8 introduced a regression which reopens a security issue.
> Please see:
> https://bugzilla.redhat.com/show_bug.cgi?id=709769
> https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html
> 
> Can you ensure that unstable and testing are fixed? Please reference
> CVE-2011-2178 in your changelog when you fix this issue.

I won't be able to handle this during the next days so an NMU would be
welcome. This affects testing, sid and squeeze-backports.

Cheers,
 -- Guido




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#629128; Package libvirt. (Fri, 03 Jun 2011 22:57:03 GMT)


Acknowledgement sent to Laurent Léonard <laurent@open-minds.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Fri, 03 Jun 2011 22:57:04 GMT)


Message #15 received at 629128@bugs.debian.org:

From: Laurent Léonard <laurent@open-minds.org>
To: pkg-libvirt-maintainers@lists.alioth.debian.org, Guido Günther <agx@sigxcpu.org>, 629128@bugs.debian.org
Cc: Thijs Kinkhorst <thijs@debian.org>
Subject: Re: [Pkg-libvirt-maintainers] Bug#629128: Bug#629128: regression in 0.8.8 reopens security issue
Date: Sat, 4 Jun 2011 00:45:15 +0200

On Friday 3 June 2011 21:06:16, Guido Günther wrote:
> On Fri, Jun 03, 2011 at 08:14:12PM +0200, Thijs Kinkhorst wrote:
> > Package: libvirt
> > Version: 0.8.8-1
> > Severity: serious
> > Tags: patch
> > 
> > Hi,
> > 
> > Version 0.8.8 introduced a regression which reopens a security issue.
> > Please see:
> > https://bugzilla.redhat.com/show_bug.cgi?id=709769
> > https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html
> > 
> > Can you ensure that unstable and testing are fixed? Please reference
> > CVE-2011-2178 in your changelog when you fix this issue.
> 
> I won't be able to handle this during the next days so an NMU would be
> welcome. This affects testing, sid and squeeze-backports.

I will handle it.

-- 
Laurent Léonard




Reply sent to Laurent Léonard <laurent@open-minds.org>:
You have taken responsibility. (Sat, 04 Jun 2011 00:36:07 GMT)


Notification sent to "Thijs Kinkhorst" <thijs@debian.org>:
Bug acknowledged by developer. (Sat, 04 Jun 2011 00:36:07 GMT)


Message #20 received at 629128-close@bugs.debian.org:

From: Laurent Léonard <laurent@open-minds.org>
To: 629128-close@bugs.debian.org
Subject: Bug#629128: fixed in libvirt 0.9.1-2
Date: Sat, 04 Jun 2011 00:33:15 +0000

Source: libvirt
Source-Version: 0.9.1-2

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive:

libvirt-bin_0.9.1-2_amd64.deb
  to main/libv/libvirt/libvirt-bin_0.9.1-2_amd64.deb
libvirt-dev_0.9.1-2_amd64.deb
  to main/libv/libvirt/libvirt-dev_0.9.1-2_amd64.deb
libvirt-doc_0.9.1-2_all.deb
  to main/libv/libvirt/libvirt-doc_0.9.1-2_all.deb
libvirt0-dbg_0.9.1-2_amd64.deb
  to main/libv/libvirt/libvirt0-dbg_0.9.1-2_amd64.deb
libvirt0_0.9.1-2_amd64.deb
  to main/libv/libvirt/libvirt0_0.9.1-2_amd64.deb
libvirt_0.9.1-2.debian.tar.gz
  to main/libv/libvirt/libvirt_0.9.1-2.debian.tar.gz
libvirt_0.9.1-2.dsc
  to main/libv/libvirt/libvirt_0.9.1-2.dsc
python-libvirt_0.9.1-2_amd64.deb
  to main/libv/libvirt/python-libvirt_0.9.1-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 629128@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurent Léonard <laurent@open-minds.org> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 04 Jun 2011 01:53:43 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all amd64
Version: 0.9.1-2
Distribution: unstable
Urgency: high
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Laurent Léonard <laurent@open-minds.org>
Description: 
 libvirt-bin - the programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 629128
Changes: 
 libvirt (0.9.1-2) unstable; urgency=high
 .
   * [4fbc990] New patch security-plug-regression-introduced-in-disk-probe-lo.
     patch (Closes: #629128)
     - Fixes: CVE-2011-2178





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jul 2011 07:33:59 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:42:40 2019; Machine Name: beach
