[Pkg-libvirt-maintainers] Bug#1120119: Bug#1120119: libvirt-daemon: data leak for new offline snapshots
Andrea Bolognani
eof at kiyuko.org
Wed Nov 26 00:23:51 GMT 2025
On Sun, Nov 16, 2025 at 09:09:51AM +0100, Salvatore Bonaccorso wrote:
> On Fri, Nov 14, 2025 at 10:48:50PM +0100, Andrea Bolognani wrote:
> > On Fri, Nov 14, 2025 at 08:49:33AM +0100, Sylvain Beucler wrote:
> > > Was a CVE registered for this issue?
> > > It looks like something other distros should be aware of.
> >
> > Good point. CVE-2025-13193 has now been assigned to this issue. The
> > advisory hasn't been published yet, but I've been assured that it's
> > fine to mention the CVE ID here.
>
> Thanks for sharing the CVE. I have added this to the security-tracker
> as well.
Draft MR here:
https://salsa.debian.org/libvirt-team/libvirt/-/merge_requests/283
--
Andrea Bolognani <eof at kiyuko.org>
Resistance is futile, you will be garbage collected.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-maintainers/attachments/20251126/b35eca85/attachment.sig>
More information about the Pkg-libvirt-maintainers
mailing list