[Pkg-libvirt-maintainers] Bug#701649: fixed in libvirt 0.9.12-8

Guido Günther agx at sigxcpu.org
Wed Mar 6 09:13:29 UTC 2013


On Tue, Mar 05, 2013 at 08:48:03PM +0000, Adam D. Barratt wrote:
> On Mon, 2013-03-04 at 18:02 +0000, Guido Günther wrote:
> >  libvirt (0.9.12-8) unstable; urgency=low
> >  .
> >    * [181eab1] CVE-2013-1766: Use libvirt-qemu as group to run qemu/kvm
> >      instances.  This makes sure we don't chown files to groups possibly used
> >      by other programs. (Closes: #701649)
> 
> I was looking at this with a view to unblocking it, but think there
> might have been a small copy-n-waste error in the postrm changes;
> specifically:
> 
> @@ -25,6 +25,14 @@
>                 delgroup libvirt || true
>         fi
>  
> +       if getent user libvirt-qemu >/dev/null; then
> 
> "getent user" should be "getent passwd".
> 
> +               deluser libvirt || true
> 
> Presumably this should be "libvirt-qemu".
> 
> +       fi
> +
> +       if getent group libvirt-qemu >/dev/null; then
> +               delgroup libvirt || true
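
Review bot: In both added blocks the guard and the action name different accounts: each `if` tests for `libvirt-qemu`, but the bodies run `deluser libvirt` and `delgroup libvirt`, and the context line above the additions already runs `delgroup libvirt`. As written, the postrm would leave the libvirt-qemu user and group behind, and `|| true` hides any failure. In the first guard, `getent user` names a database that does not exist (accounts live in `passwd`), so getent exits non-zero and that block never runs at all. Suggest `getent passwd libvirt-qemu` with `deluser libvirt-qemu || true`, and `delgroup libvirt-qemu || true` in the group block.
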
> 
> Again, should be libvirt-qemu.
> 
> As a side note, the debian/libvirt-bin.NEWS entry for the unstable
> upload should really reference 0.9.12-8 rather than 1.0.2-3.

Sorry for being sloppy and thanks for your review. I just uploaded a new
version.
Cheers,
 -- Guido
