[Pkg-libvirt-maintainers] Bug#701649: fixed in libvirt 0.9.12-8

Guido Günther agx at sigxcpu.org
Wed Mar 6 13:09:02 UTC 2013


On Wed, Mar 06, 2013 at 11:07:46AM +0000, Adam D. Barratt wrote:
> On 06.03.2013 09:13, Guido Günther wrote:
> >On Tue, Mar 05, 2013 at 08:48:03PM +0000, Adam D. Barratt wrote:
> >>On Mon, 2013-03-04 at 18:02 +0000, Guido Günther wrote:
> >>>  libvirt (0.9.12-8) unstable; urgency=low
> >>>  .
> >>>    * [181eab1] CVE-2013-1766: Use libvirt-qemu as group to run qemu/kvm
> >>>      instances.  This makes sure we don't chown files to groups possibly used
> >>>      by other programs. (Closes: #701649)
> >>
> >>I was looking at this with a view to unblocking it, but think there
> >>might have been a small copy-n-waste error in the postrm changes;
> >>specifically:
> >>
> >>@@ -25,6 +25,14 @@
> >>                delgroup libvirt || true
> >>        fi
> >>
> >>+       if getent user libvirt-qemu >/dev/null; then
> >>
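Review bot: In the added `if` line, `getent user` names a database that getent does not know; account entries live in the `passwd` database, so the test should read `if getent passwd libvirt-qemu >/dev/null; then`. With an unknown database getent exits non-zero, so the condition is always false and whatever this branch guards never runs. Only stdout is redirected here, so the resulting error message would also end up in the postrm output.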
> >>"getent user" should be "getent passwd".
> [...]
> >Sorry for being sloppy and thanks for your review. I just uploaded a new
> >version.
> 
> Thanks for the quick turn-around. Unfortunately the "getent user"
> call above doesn't appear to be fixed in -9.
Another proof that there's just not enough time to work on Debian these
days. I shouldn't do this. Hopefully fixed now.
Cheers,
 -- Guido
