[Pkg-libvirt-maintainers] Bug#769149: Bug#769149: libvirt: CVE-2014-7823: dumpxml: information leak with migratable flag
Guido Günther
agx at sigxcpu.org
Wed Nov 12 08:55:39 UTC 2014
On Tue, Nov 11, 2014 at 08:37:04PM +0100, Salvatore Bonaccorso wrote:
> Source: libvirt
> Version: 1.0.0-1
> Severity: important
> Tags: security upstream patch fixed-upstream
>
> Hi,
>
> the following vulnerability was published for libvirt, opening a but
> in the BTS to have track of it in BTS additionally to
> security-tracker.
>
> CVE-2014-7823[0]:
> dumpxml: information leak with migratable flag
>
> AFAICS [1] applies from a quick look, but the first hunk is in
> libvirt.c.
Fortunately we have -maint branches upstream for this. Uploaded now.
Cheers,
-- Guido
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2014-7823
> [1] http://libvirt.org/git/?p=libvirt.git;a=commit;h=b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b
>
> Regards,
> Salvatore
>
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
>
More information about the Pkg-libvirt-maintainers
mailing list