[Pkg-libvirt-maintainers] Bug#701649: fixed in libvirt 0.9.12-8
Adam D. Barratt
adam at adam-barratt.org.uk
Wed Mar 6 11:07:46 UTC 2013
On 06.03.2013 09:13, Guido Günther wrote:
> On Tue, Mar 05, 2013 at 08:48:03PM +0000, Adam D. Barratt wrote:
>> On Mon, 2013-03-04 at 18:02 +0000, Guido Günther wrote:
>> > libvirt (0.9.12-8) unstable; urgency=low
>> > .
>> > * [181eab1] CVE-2013-1766: Use libvirt-qemu as group to run
>> qemu/kvm
>> > instances. This makes sure we don't chown files to groups
>> possibly used
>> > by other programs. (Closes: #701649)
>>
>> I was looking at this with a view to unblocking it, but think there
>> might have been a small copy-n-waste error in the postrm changes;
>> specifically:
>>
>> @@ -25,6 +25,14 @@
>> delgroup libvirt || true
>> fi
>>
>> + if getent user libvirt-qemu >/dev/null; then
>>
>> "getent user" should be "getent passwd".
[...]
> Sorry for being sloppy and thanks for your review. I just uploaded a
> new
> version.
Thanks for the quick turn-around. Unfortunately the "getent user" call
above doesn't appear to be fixed in -9.
Regards,
Adam
More information about the Pkg-libvirt-maintainers
mailing list