[Pkg-libvirt-maintainers] Bug#856313: Bug#856313: libvirt: CVE-2017-2635: Null pointer dereference when updating storage size on empty drives
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 28 05:21:08 UTC 2017
Hi Guido,
On Mon, Feb 27, 2017 at 09:00:33PM +0100, Guido Günther wrote:
> On Mon, Feb 27, 2017 at 05:17:05PM +0100, Salvatore Bonaccorso wrote:
> > Source: libvirt
> > Version: 3.0.0-2
> > Severity: grave
> > Tags: upstream patch security
> > Justification: user security hole
> >
> > Hi Guido,
> >
> > the following vulnerability was published for libvirt.
> >
> > CVE-2017-2635[0]:
> > Null pointer dereference when updating storage size on empty drives
>
> I just uploaded a fixed version to untable. Thanks for sorting out the
> correct version information!
Thanks for the very quick action! Will you request as well the unblock
to have the fix in stretch? I see there is one additional commit, hope
that is suitable as well for stretch (aka. Debianize virtlogd).
Regards,
Salvatore
More information about the Pkg-libvirt-maintainers
mailing list