[Pkg-libvirt-maintainers] libvirt 0.4.6-10+lenny1 stable update
Guido Günther
agx at sigxcpu.org
Wed Aug 18 10:59:35 UTC 2010
Dear release team,
please unblock libvirt 0.7.3-1. The version should have hit the archive
before the freeze got delayed by a couple of days. The upload fixes:
CVE-2010-2242, CVE-2010-2237, CVE-2010-2238, CVE-2010-2239
On Wed, Aug 18, 2010 at 11:01:31AM +0100, Adam D. Barratt wrote:
> Please could you send a new mail regarding the unblock request? That will
> allow us to keep track of it from a freeze point of view rather than
> having it inside a different thread.
> From a very quick look at the diff, there's at least
> libvirt-0.8.3/src/esx/esx_driver.c | 1192 +-
> libvirt-0.8.3/src/esx/esx_vi.c | 911 +
> libvirt-0.8.3/src/util/storage_file.c | 762 -
> which would need more careful review.
We don't have the ESX driver currently enabled in libvirt. The file
backend hat quiet some changes to fix the security issues. That's why
it's actually safer to pull in this version instead of backporting for
0.8.2 given that 0.8.3 is what we aimed for in Squeeze anyway.
Cheers,
-- Guido
More information about the Pkg-libvirt-maintainers
mailing list