[Pkg-libvirt-maintainers] Bug#701649: fixed in libvirt 0.9.12-8
Guido Günther
agx at sigxcpu.org
Wed Mar 6 13:09:02 UTC 2013
On Wed, Mar 06, 2013 at 11:07:46AM +0000, Adam D. Barratt wrote:
> On 06.03.2013 09:13, Guido Günther wrote:
> >On Tue, Mar 05, 2013 at 08:48:03PM +0000, Adam D. Barratt wrote:
> >>On Mon, 2013-03-04 at 18:02 +0000, Guido Günther wrote:
> >>> libvirt (0.9.12-8) unstable; urgency=low
> >>> .
> >>> * [181eab1] CVE-2013-1766: Use libvirt-qemu as group to run
> >>qemu/kvm
> >>> instances. This makes sure we don't chown files to
> >>groups possibly used
> >>> by other programs. (Closes: #701649)
> >>
> >>I was looking at this with a view to unblocking it, but think there
> >>might have been a small copy-n-waste error in the postrm changes;
> >>specifically:
> >>
> >>@@ -25,6 +25,14 @@
> >> delgroup libvirt || true
> >> fi
> >>
> >>+ if getent user libvirt-qemu >/dev/null; then
> >>
> >>"getent user" should be "getent passwd".
> [...]
> >Sorry for being sloppy and thanks for your review. I just uploaded
> >a new
> >version.
>
> Thanks for the quick turn-around. Unfortunately the "getent user"
> call above doesn't appear to be fixed in -9.
Another proof that there's just not enough time to work on Debian these
days. I shouldn't do this. Hopefully fixed now.
Cheers,
-- Guido
More information about the Pkg-libvirt-maintainers
mailing list