On Tue, Nov 11, 2014 at 08:37:04PM +0100, Salvatore Bonaccorso wrote: > Source: libvirt > Version: 1.0.0-1 > Severity: important > Tags: security upstream patch fixed-upstream > > Hi, > > the following vulnerability was published for libvirt, opening a but > in the BTS to have track of it in BTS additionally to > security-tracker. > > CVE-2014-7823[0]: > dumpxml: information leak with migratable flag > > AFAICS [1] applies from a quick look, but the first hunk is in > libvirt.c.
Fortunately we have -maint branches upstream for this. Uploaded now. Cheers, -- Guido > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2014-7823 > [1] > http://libvirt.org/git/?p=libvirt.git;a=commit;h=b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b > > Regards, > Salvatore > > _______________________________________________ > Pkg-libvirt-maintainers mailing list > pkg-libvirt-maintain...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers > -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org