Your message dated Thu, 11 May 2023 01:05:31 +0200
with message-id <ZFwjOzwbTE4V3Beo@meyneth>
and subject line Closing #953078 (libvirt: CVE-2019-20485)
has caused the Debian Bug report #953078,
regarding libvirt: CVE-2019-20485
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
953078: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953078
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libvirt
Version: 5.6.0-3
Severity: important
Tags: security upstream fixed-upstream
Control: found -1 5.6.0-2
Control: fixed -1 6.0.0-1
Hi,
The following vulnerability was published for libvirt.
CVE-2019-20485[0]:
| potential DoS by holding a monitor job while querying QEMU guest-agent
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-20485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20485
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1809740
[2]
https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Package: libvirt
Version: 6.0.0-1
As pointed out by Salvatore, this has been fixed a long time ago, as
part of the 6.0.0 upstream release. Closing.
--
Andrea Bolognani <[email protected]>
Resistance is futile, you will be garbage collected.
signature.asc
Description: PGP signature
--- End Message ---
