[Pkg-libvirt-maintainers] Bug#701649: fixed in libvirt 0.9.12-8
Guido Günther
agx at sigxcpu.org
Wed Mar 6 09:13:29 UTC 2013
On Tue, Mar 05, 2013 at 08:48:03PM +0000, Adam D. Barratt wrote:
> On Mon, 2013-03-04 at 18:02 +0000, Guido Günther wrote:
> > libvirt (0.9.12-8) unstable; urgency=low
> > .
> > * [181eab1] CVE-2013-1766: Use libvirt-qemu as group to run qemu/kvm
> > instances. This makes sure we don't chown files to groups possibly used
> > by other programs. (Closes: #701649)
>
> I was looking at this with a view to unblocking it, but think there
> might have been a small copy-n-waste error in the postrm changes;
> specifically:
>
> @@ -25,6 +25,14 @@
> delgroup libvirt || true
> fi
>
> + if getent user libvirt-qemu >/dev/null; then
>
> "getent user" should be "getent passwd".
>
> + deluser libvirt || true
>
> Presumably this should be "libvirt-qemu".
>
> + fi
> +
> + if getent group libvirt-qemu >/dev/null; then
> + delgroup libvirt || true
>
> Again, should be libvirt-qemu.
>
> As a side note, the debian/libvirt-bin.NEWS entry for the unstable
> upload should really reference 0.9.12-8 rather than 1.0.2-3.
Sorry for being sloppy and thanks for your review. I just uploaded a new
version.
Cheers,
-- Guido
More information about the Pkg-libvirt-maintainers
mailing list