[Pkg-libvirt-maintainers] Bug#734556: Bug#734556: libvirt: CVE-2013-6458: qemu: job usage issue in several APIs leading to libvirtd crash
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 10 02:07:49 UTC 2014
Hi Guido,
On Thu, Jan 09, 2014 at 08:54:21AM +0100, Guido Günther wrote:
> On Wed, Jan 08, 2014 at 07:16:18AM +0100, Salvatore Bonaccorso wrote:
> > Package: libvirt
> > Severity: grave
> > Tags: security upstream patch fixed-upstream
> >
> > Hi Guido,
> >
> > Disclaimer: I have not checked to reproduce the crash, just shortly
> > checked latest unstable version. Have set grave as per "[...] could
> > allow an attacker who is able to establish a read-only connection to
> > libvirtd to crash libvirtd".
>
> I do think it affects all releases.
Thanks for checking already (and the fix to experimental). Adding the
found information for the BTS.
Regards,
Salvatore
More information about the Pkg-libvirt-maintainers
mailing list