Your message dated Tue, 08 Aug 2023 22:14:49 +0000
with message-id <[email protected]>
and subject line Bug#1041811: fixed in libvirt 9.6.0-1
has caused the Debian Bug report #1041811,
regarding libvirt: CVE-2023-3750
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1041811: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041811
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libvirt
Version: 9.5.0-1
Severity: important
Tags: security upstream
Forwarded: https://listman.redhat.com/archives/libvir-list/2023-July/240776.html
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 8.3.0-1
Hi,
The following vulnerability was published for libvirt.
CVE-2023-3750[0]:
| improper locking in virStoragePoolObjListSearch may lead to denial
| of service
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-3750
https://www.cve.org/CVERecord?id=CVE-2023-3750
[1] https://listman.redhat.com/archives/libvir-list/2023-July/240776.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2222210
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libvirt
Source-Version: 9.6.0-1
Done: Andrea Bolognani <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrea Bolognani <[email protected]> (supplier of updated libvirt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 05 Aug 2023 19:01:56 +0200
Source: libvirt
Architecture: source
Version: 9.6.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Libvirt Maintainers
<[email protected]>
Changed-By: Andrea Bolognani <[email protected]>
Closes: 1041811
Changes:
libvirt (9.6.0-1) unstable; urgency=medium
.
* [74213a2] New upstream version 9.6.0
- Fixes CVE-2023-3750 (Closes: #1041811)
* [cc3a788] control: Require AppArmor 3
* [54d65bd] patches: Add backports
- backport/src-fix-max-file-limits-in-systemd-services.patch
Checksums-Sha1:
0be0320abaf72a3df2d972769c515ec61061981f 5793 libvirt_9.6.0-1.dsc
63ee1f4dd7c127565e61b34ead84ca7eaf726a67 9282400 libvirt_9.6.0.orig.tar.xz
33c1682d278f0617f25ddda8aac5ac2aae054cb2 833 libvirt_9.6.0.orig.tar.xz.asc
7609d2fcfc7187b0578978087b4bdfec4b42b775 84468 libvirt_9.6.0-1.debian.tar.xz
ad53338bcb910507d8d24c7d35926ec9bf9013ec 12756 libvirt_9.6.0-1_source.buildinfo
Checksums-Sha256:
fae5b2cf51ac004ec3d6412402ec66e7a1b36ee8ae9e716a7bef5c44f13231f8 5793
libvirt_9.6.0-1.dsc
10f2e52dbb5df90410594a8e36d0e0587d38f11efb64ff32cbec422b93b70c52 9282400
libvirt_9.6.0.orig.tar.xz
6d7df26615f850bb1c14dd2804143672801c97dcf96eefc6337e18ccc33a97aa 833
libvirt_9.6.0.orig.tar.xz.asc
193f51997df14ddd402c6cb5dd62d710ba169aab4ac568687465ec7ef97a4555 84468
libvirt_9.6.0-1.debian.tar.xz
d1072b450f6afa03730a150fcdfe5916eec66a5e916154c74727030a7813045c 12756
libvirt_9.6.0-1_source.buildinfo
Files:
ee8f1733d6cfaf3cdb14630ed0e36767 5793 libs optional libvirt_9.6.0-1.dsc
82d5526f9360e3682fca0dd49c9cccec 9282400 libs optional
libvirt_9.6.0.orig.tar.xz
50bc1983b47fe4b6aa89eb9f13195af8 833 libs optional
libvirt_9.6.0.orig.tar.xz.asc
896f4a4cf441f56ecf0291b3dbff9557 84468 libs optional
libvirt_9.6.0-1.debian.tar.xz
9b729be6da040e683adb22c9716e6166 12756 libs optional
libvirt_9.6.0-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEO48t9niVypx3EjLf954fxUKFg6wFAmTSs1YACgkQ954fxUKF
g6z8wQ//eY5vt5m+DO28Nwam+Pr1iyMjdYw2lHI7NrXBaYnzX1cuu184/Qd4gBti
SSXs+JfQON8Mi7PV6YtMAkBNfavAOQPDt8qfPMkEKaM+kQETr8c0YxN2wb23zfdW
mOICE5fKLk1rxogf8wVWZG5792h3/5GuavM9VNloJwiMrr470ZdXvF5n6Mdtj4q7
V7+WIpojTLRYGdr6aD34EucYxObkiHX4Qrp+DwH998NeypkQaR9Y35w/qF5R8RAz
3QluM822WkvGQBRDlRP63Y+B3VUIz9x/Dh80NB0BqNzgXQitet7dWGaiuB28VhXQ
FPKitHCbHO9mwyNUWzV9Rb29t9lgETYnrz9gapwzT68BFvcAHKfzW1rccjvtdMAl
KjaBRRzM4M/INSyI8xsIehTS0/M25CqgbFNeNO3/JeeHnY+rOzq8f4YaN733x8+R
ls7KJZyWDJ9uyc4EiWY+I0wE3cLEz60/HdOITAGb4yJBdywiNvshtvvcoAQH7aAn
HNiiw9t+CiF0lAloguIccWX581e09dnOIgPK3KDCNMMLqReDjk8d9Ks5E0dF2gAr
Vn5TRolKHgqL1nDhLmk08uHbLLw5TH2NL924jhcxu2/DzUnA7bWnKWfShLEceK72
gv1/ubxL5Jbg/4f36IstRVDjA/IAt0plfy6sUsOtvrzHgPYMVD8=
=6y5s
-----END PGP SIGNATURE-----
--- End Message ---
