[Pkg-libvirt-maintainers] Bug#856313: Bug#856313: libvirt: CVE-2017-2635: Null pointer dereference when updating storage size on empty drives
Guido Günther
agx at sigxcpu.org
Mon Feb 27 20:00:33 UTC 2017
On Mon, Feb 27, 2017 at 05:17:05PM +0100, Salvatore Bonaccorso wrote:
> Source: libvirt
> Version: 3.0.0-2
> Severity: grave
> Tags: upstream patch security
> Justification: user security hole
>
> Hi Guido,
>
> the following vulnerability was published for libvirt.
>
> CVE-2017-2635[0]:
> Null pointer dereference when updating storage size on empty drives
I just uploaded a fixed version to untable. Thanks for sorting out the
correct version information!
-- Guido
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-2635
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2635
>
> Regards,
> Salvatore
>
> p.s.: if you are short on time, I can happily prepare a NMU for this
> one.
>
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
>
More information about the Pkg-libvirt-maintainers
mailing list