Your message dated Thu, 20 Jun 2019 22:10:33 +0000
with message-id <[email protected]>
and subject line Bug#930100: fixed in libvirt 5.0.0-4
has caused the Debian Bug report #930100,
regarding after upgrade to buster, qemu cannot read default spice certs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
930100: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930100
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: libvirt-daemon-system
severity: important
version: 5.0.0-3
Upgrading stretch to buster.
After the upgrade, libvirt could not read /etc/pki/qemu/server-cert.pem
and server-key.pem.
This is because of the apparmor profile.
I think that's the default place where you're supposed to put spice and
vnc certs if you're using tls.
Please include /etc/pki/qemu and /etc/pki/libvirt-spice (the old
location) as directories that qemu run by libvirt is permitted to read.
--- End Message ---
--- Begin Message ---
Source: libvirt
Source-Version: 5.0.0-4
We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guido Günther <[email protected]> (supplier of updated libvirt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 17 Jun 2019 19:05:40 +0200
Source: libvirt
Architecture: source
Version: 5.0.0-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Libvirt Maintainers
<[email protected]>
Changed-By: Guido Günther <[email protected]>
Closes: 930100
Changes:
libvirt (5.0.0-4) unstable; urgency=medium
.
* [0fdc2af] Fix multiple CVEs related to privilege escalations on R/O
connections.
- CVE-2019-10161:
CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc-.patch
- CVE-2019-10166:
api-disallow-virDomainManagedSaveDefineXML-on-read-only-c.patch
- CVE-2019-10167:
api-disallow-virConnectGetDomainCapabilities-on-read-only.patch
- CVE-2019-10168:
api-disallow-virConnect-HypervisorCPU-on-read-only-connec.patch
* Include /etc/pki/qemu in apparmor (Closes: #930100)
Checksums-Sha1:
aec2883d91b08575995d05d18238730bf131b259 4508 libvirt_5.0.0-4.dsc
32e517198bf0874825bd5f2276e4cda938e87aff 78488 libvirt_5.0.0-4.debian.tar.xz
4c21de988a73071fb40ab12151b1b8e6f2285478 19640 libvirt_5.0.0-4_amd64.buildinfo
Checksums-Sha256:
53d8d101e2d9ca9c538531132b5ae8991594186e80bf8a61069834b74d3c41dc 4508
libvirt_5.0.0-4.dsc
70bf74be8aebe1418f4e09d7360c7c7d7d1fc3235fe71114e1c75b73d17545bd 78488
libvirt_5.0.0-4.debian.tar.xz
fc703a7674cf6c4404f5972ebc50dd5a06de58ee94d54aafc3e191b4c718e43e 19640
libvirt_5.0.0-4_amd64.buildinfo
Files:
3665cba74b3613bef7c3599af74e3ae4 4508 libs optional libvirt_5.0.0-4.dsc
08647aff81a475cfb013727c7128fc0a 78488 libs optional
libvirt_5.0.0-4.debian.tar.xz
04408a567bc1cb132bee7f15d489c918 19640 libs optional
libvirt_5.0.0-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0L/+RfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EikQP/0UsvG9rIaB3PogJckx0rJW5i150NQNO
rXC3GdukFA9OidT+dlEJaFox4hgXtVMd5BLW0xk11w2PTcg+dbCM9gDNreBS+SVH
d3YvcaeriPVgf3TgYPcwMqfGZk2rnE4gt4CYlrtJMhqjejNwxSg4zg6JRfDVEq+i
wcWGyA8V3l2sWG/FrnlN8SWagx0JKkgd4Xr3BMV13xVw2Lf370npd8ENHteV7PtN
A9o+57rhZaSznvsfi655V2AVqP6RVPVP3la49iM3IZKgompvBZ2+It6quLQ9F75a
glpZ+Hjz6dJ8tRDYK6jT9rqwO1TNVgjQSyEFNEM81E+5AexK3VL0TphEhEOoaW6b
xMZQiEOcSxFyfDTC5KUuBzHM8NcvqZV95ZNVJGl3QL7uTPwGdVI/8mZFucCFhXJ8
MIA+mbMJ6CYTTE3KVN6evLGt++16ICtsGCaSN57NTbCeOjEGanWow2EK6XcCDTWV
X6KSPtonEE9tfmn1f3AeaspYx9Ze6TN/o8+VbGacvrpXfEAky1iEa5Q/3IeTtJPQ
TJVxcWOwenj9Q4KILSG+uUX5pW+BzBD1wIwndNTKIBMOizy+PnPbAju0OhMHeyE2
hSlPBnEh/VTEYG6SeNXgKWuCoD8uikdK+W4tXvfhrFlZSIJGTOYwbBUzuOQS2nCI
RVPrPXLBkLqq
=CSYG
-----END PGP SIGNATURE-----
--- End Message ---
