[Pkg-libvirt-maintainers] Bug#701649: fixed in libvirt 0.9.12-8

Adam D. Barratt adam at adam-barratt.org.uk
Wed Mar 6 11:07:46 UTC 2013


On 06.03.2013 09:13, Guido Günther wrote:
> On Tue, Mar 05, 2013 at 08:48:03PM +0000, Adam D. Barratt wrote:
>> On Mon, 2013-03-04 at 18:02 +0000, Guido Günther wrote:
>> >  libvirt (0.9.12-8) unstable; urgency=low
>> >  .
>> >    * [181eab1] CVE-2013-1766: Use libvirt-qemu as group to run 
>> qemu/kvm
>> >      instances.  This makes sure we don't chown files to groups 
>> possibly used
>> >      by other programs. (Closes: #701649)
>>
>> I was looking at this with a view to unblocking it, but think there
>> might have been a small copy-n-waste error in the postrm changes;
>> specifically:
>>
>> @@ -25,6 +25,14 @@
>>                 delgroup libvirt || true
>>         fi
>>
>> +       if getent user libvirt-qemu >/dev/null; then
>>
>> "getent user" should be "getent passwd".
[...]
> Sorry for being sloppy and thanks for your review. I just uploaded a 
> new
> version.

Thanks for the quick turn-around. Unfortunately the "getent user" call 
above doesn't appear to be fixed in -9.

Regards,

Adam



More information about the Pkg-libvirt-maintainers mailing list