[Pkg-libvirt-maintainers] Bug#856313: Bug#856313: libvirt: CVE-2017-2635: Null pointer dereference when updating storage size on empty drives

Salvatore Bonaccorso carnil at debian.org
Tue Feb 28 05:21:08 UTC 2017


Hi Guido,

On Mon, Feb 27, 2017 at 09:00:33PM +0100, Guido Günther wrote:
> On Mon, Feb 27, 2017 at 05:17:05PM +0100, Salvatore Bonaccorso wrote:
> > Source: libvirt
> > Version: 3.0.0-2
> > Severity: grave
> > Tags: upstream patch security
> > Justification: user security hole
> > 
> > Hi Guido,
> > 
> > the following vulnerability was published for libvirt.
> > 
> > CVE-2017-2635[0]:
> > Null pointer dereference when updating storage size on empty drives
> 
> I just uploaded a fixed version to untable. Thanks for sorting out the
> correct version information!

Thanks for the very quick action! Will you request as well the unblock
to have the fix in stretch? I see there is one additional commit, hope
that is suitable as well for stretch (aka. Debianize virtlogd).

Regards,
Salvatore



More information about the Pkg-libvirt-maintainers mailing list