[Secure-testing-commits] r24289 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Mon Nov 4 18:24:31 UTC 2013
Author: carnil
Date: 2013-11-04 18:24:31 +0000 (Mon, 04 Nov 2013)
New Revision: 24289
Modified:
data/CVE/list
Log:
Add fixed version for libvirt issues: CVE-2013-4400 and CVE-2013-4401
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-11-04 15:07:00 UTC (rev 24288)
+++ data/CVE/list 2013-11-04 18:24:31 UTC (rev 24289)
@@ -4486,18 +4486,16 @@
- gnupg 1.4.15-1 (bug #725439)
CVE-2013-4401 [unintended API access due to incorrect permissions checks]
RESERVED
- - libvirt <unfixed> (bug #727101)
+ - libvirt 1.1.4-1 (bug #727101)
[squeeze] - libvirt <not-affected> (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
[wheezy] - libvirt <not-affected> (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c
- NOTE: fixed in experimental 1.1.4~rc2-1, mark when first uploaded to unstable
CVE-2013-4400 [virt-login-shell arbitrary file overwrites vulnerability]
RESERVED
- - libvirt <unfixed> (bug #727101)
+ - libvirt 1.1.4-1 (bug #727101)
[squeeze] - libvirt <not-affected> (Introduced in 1.1.2, virt-login-shell not yet present)
[wheezy] - libvirt <not-affected> (Introduced in 1.1.2, virt-login-shell not yet present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1015228#c3
- NOTE: fixed in experimental 1.1.4~rc2-1, mark when first uploaded to unstable
CVE-2013-4399 [unprivileged user can crash libvirtd when ACLs are enabled]
RESERVED
- libvirt <unfixed>
More information about the Secure-testing-commits
mailing list