Package: libvirt Severity: grave Tags: security upstream patch fixed-upstream
Hi Guido, Disclaimer: I have not checked to reproduce the crash, just shortly checked latest unstable version. Have set grave as per "[...] could allow an attacker who is able to establish a read-only connection to libvirtd to crash libvirtd". the following vulnerability was published for libvirt. CVE-2013-6458[0]: job usage issue in several APIs leading to libvirtd crash If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458 http://security-tracker.debian.org/tracker/CVE-2013-6458 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1048631 [2] http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad (upstream fix) Please adjust the affected versions in the BTS as needed. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
