[Pkg-libvirt-maintainers] Bug#963474: libvirt: leak of sensitive cookie information via dumpxml

Salvatore Bonaccorso carnil at debian.org
Mon Jun 22 07:28:34 BST 2020


Source: libvirt
Version: 6.2.0-1
Severity: grave
Tags: security upstream

Hi

libvirt starting from 6.2.0-rc1 upstream is affected by
CVE-2020-14301, leak of sensitive cookie information via dumpxml. I'm
filing it as RC severity as it does not affect current unstable
version and the version in unstable should not move to testing later
on without the fix.

Details are in https://bugzilla.redhat.com/show_bug.cgi?id=1848640
referencing the upstream commits as per
https://github.com/libvirt/libvirt/commit/a5b064bf4b17a9884d7d361733737fb614ad8979
https://github.com/libvirt/libvirt/commit/524de6cc35d3b222f0e940bb0fd027f5482572c5

Regards,
Salvatore


