[Pkg-libvirt-maintainers] Bug#856313: Bug#856313: libvirt: CVE-2017-2635: Null pointer dereference when updating storage size on empty drives

Guido Günther agx at sigxcpu.org
Tue Feb 28 07:41:46 UTC 2017


On Tue, Feb 28, 2017 at 06:21:08AM +0100, Salvatore Bonaccorso wrote:
> Hi Guido,
> 
> On Mon, Feb 27, 2017 at 09:00:33PM +0100, Guido Günther wrote:
> > On Mon, Feb 27, 2017 at 05:17:05PM +0100, Salvatore Bonaccorso wrote:
> > > Source: libvirt
> > > Version: 3.0.0-2
> > > Severity: grave
> > > Tags: upstream patch security
> > > Justification: user security hole
> > > 
> > > Hi Guido,
> > > 
> > > the following vulnerability was published for libvirt.
> > > 
> > > CVE-2017-2635[0]:
> > > Null pointer dereference when updating storage size on empty drives
> > 
> > I just uploaded a fixed version to untable. Thanks for sorting out the
> > correct version information!
> 
> Thanks for the very quick action! Will you request as well the unblock
> to have the fix in stretch? I see there is one additional commit, hope

Sure, just wanted to make sure the buildds are happy with it.

> that is suitable as well for stretch (aka. Debianize virtlogd).

It hopefully is, otherwise we'd fetch the config from the wrong
location.
Cheers,
 -- Guido



More information about the Pkg-libvirt-maintainers mailing list