[Pkg-libvirt-commits] [SCM] Libvirt Debian packaging branch, squeeze, updated. debian/0.8.3-5+squeeze1
Guido Günther
agx at sigxcpu.org
Fri Mar 18 09:07:35 UTC 2011
The following commit has been merged in the squeeze branch:
commit b14089cfcdb39f0782d2b26f84b6ccb330845d10
Author: Guido Günther <agx at sigxcpu.org>
Date: Mon Mar 14 21:33:46 2011 +0100
Document changes and release 0.8.3-5+squeeze1
diff --git a/debian/changelog b/debian/changelog
index dec5fa6..613a08b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+libvirt (0.8.3-5+squeeze1) stable-security; urgency=low
+
+ * [0ee351f] [CVE-2011-1146] Add missing checks for read only connections.
+ Some API forgot to check the read-only status of the connection for
+ entry point which modify the state of the system or may lead to a remote
+ execution using user data.
+ The entry points concerned are:
+ - virConnectDomainXMLToNative
+ - virNodeDeviceDettach
+ - virNodeDeviceReAttach
+ - virNodeDeviceReset
+ - virDomainRevertToSnapshot
+ - virDomainSnapshotDelete
+ src/libvirt.c: fix the above set of entry points to error on read-only
+ (Closes: #617773)
+
+ -- Guido Günther <agx at sigxcpu.org> Mon, 14 Mar 2011 21:33:33 +0100
+
libvirt (0.8.3-5+squeeze0) stable; urgency=low
[ Laurent Léonard ]
--
Libvirt Debian packaging
More information about the Pkg-libvirt-commits
mailing list