[Pkg-libvirt-maintainers] Bug#762203: Bug#762203: CVE-2014-3633: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index

Guido Günther agx at sigxcpu.org
Fri Sep 19 15:09:06 UTC 2014


On Fri, Sep 19, 2014 at 05:17:26PM +0300, Henri Salo wrote:
> Package: libvirt
> Version: 1.2.7-11
> Severity: important
> Tags: fixed-upstream, security
> 
> Please fix following vulnerability in libvirt, thank you.
> 
> CVE-2014-3633: qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due
> to invalid index
> 
> When you fix the vulnerability please also make sure to include the CVE (Common
> Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
> Introduced in: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=eca96694a7f992be633d48d5ca03cedc9bbc3c9a (v0.9.8)
> RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3633

Yes, I know about this but will not be able to fix this until later
next week. It affects wheezy, jessie, sid and experimental. It's a
rather simple fix so if somebody could handle it, that'd be awesome.
Cheers,
 -- Guido


