[Pkg-libvirt-maintainers] Bug#963474: libvirt: leak of sensitive cookie information via dumpxml
Salvatore Bonaccorso
carnil at debian.org
Mon Jun 22 07:28:34 BST 2020
Source: libvirt
Version: 6.2.0-1
Severity: grave
Tags: security upstream
Hi
libvirt starting from 6.2.0-rc1 upstream is affected by
CVE-2020-14301, leak of sensitive cookie information via dumpxml. I'm
filing it as RC severity as it does not affect current unstable
version and the version in unstable should not move to testing later
on without the fix.
Details are in https://bugzilla.redhat.com/show_bug.cgi?id=1848640
referencing the upstream commits as per
https://github.com/libvirt/libvirt/commit/a5b064bf4b17a9884d7d361733737fb614ad8979
https://github.com/libvirt/libvirt/commit/524de6cc35d3b222f0e940bb0fd027f5482572c5
Regards,
Salvatore