[Pkg-libvirt-maintainers] Bug#701649: fixed in libvirt 0.9.12-8
Adam D. Barratt
adam at adam-barratt.org.uk
Tue Mar 5 20:48:03 UTC 2013
On Mon, 2013-03-04 at 18:02 +0000, Guido Günther wrote:
> libvirt (0.9.12-8) unstable; urgency=low
> .
> * [181eab1] CVE-2013-1766: Use libvirt-qemu as group to run qemu/kvm
> instances. This makes sure we don't chown files to groups possibly used
> by other programs. (Closes: #701649)
I was looking at this with a view to unblocking it, but think there
might have been a small copy-n-waste error in the postrm changes;
specifically:
@@ -25,6 +25,14 @@
delgroup libvirt || true
fi
+ if getent user libvirt-qemu >/dev/null; then
"getent user" should be "getent passwd".
+ deluser libvirt || true
Presumably this should be "libvirt-qemu".
+ fi
+
+ if getent group libvirt-qemu >/dev/null; then
+ delgroup libvirt || true
Again, should be libvirt-qemu.
As a side note, the debian/libvirt-bin.NEWS entry for the unstable
upload should really reference 0.9.12-8 rather than 1.0.2-3.
Regards,
Adam
More information about the Pkg-libvirt-maintainers
mailing list