Your message dated Wed, 22 May 2019 11:34:44 +0000 with message-id <e1htpw8-000g6p...@fasolo.debian.org> and subject line Bug#929334: fixed in libvirt 5.0.0-3 has caused the Debian Bug report #929334, regarding libvirt: CVE-2019-10132: Insecure permissions for systemd socket for virtlockd/virtlogd to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 929334: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libvirt Version: 5.0.0-2 Severity: grave Tags: security upstream Control: found -1 5.0.0-2.1 Control: found -1 5.2.0-2 Hi, The following vulnerability was published for libvirt. CVE-2019-10132[0]: Insecure permissions for systemd socket for virtlockd/virtlogd If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10132 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132 [1] https://security.libvirt.org/2019/0003.html Please adjust the affected versions in the BTS as needed, looks like the issue is introduced upstream in v4.1.0-rc1 though. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libvirt Source-Version: 5.0.0-3 We believe that the bug you reported is fixed in the latest version of libvirt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 929...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guido Günther <a...@sigxcpu.org> (supplier of updated libvirt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 22 May 2019 12:31:08 +0200 Source: libvirt Architecture: source Version: 5.0.0-3 Distribution: unstable Urgency: medium Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintain...@lists.alioth.debian.org> Changed-By: Guido Günther <a...@sigxcpu.org> Closes: 897394 926999 927310 929334 Changes: libvirt (5.0.0-3) unstable; urgency=medium . [ Guido Günther ] * [6bc6e60] CVE-2019-10132: Fix vir{lock,log}d socket access. All patches were cherry-picked from upstream's v5.0-maint branch. (Closes: #929334) * [09016dd] d/patches: Move security fixes into security/ . [ Joachim Falk ] * [5d96699] lxc: Fix killing of lxc containers if cgroup backend v2 is unavailable. (Closes: #926999) * [ea7a491] lxc: Fix container shutdown and host reboot (Closes: #927310, #897394) Checksums-Sha1: 47b830f4255c0ad5bbb52fe77392569f73970423 4353 libvirt_5.0.0-3.dsc ee72696860a2ceec1ce07247e0bef503ee4825c1 76996 libvirt_5.0.0-3.debian.tar.xz 9d6e5a04213d249e66f593df63fd4c470b2e009e 19472 libvirt_5.0.0-3_amd64.buildinfo Checksums-Sha256: 258b58ec682c741d364e9e70004dcebb0609fb8e9dd748ff0317856af011d331 4353 libvirt_5.0.0-3.dsc 66ba224b7168fa44b382d9a158515cf34596ab072f3ef53d6f7083d90044e1cb 76996 libvirt_5.0.0-3.debian.tar.xz 7d2a4222f31bdb03342cadf1523d1a47cf04c023b10932cba77c296f625c0d08 19472 libvirt_5.0.0-3_amd64.buildinfo Files: dde11a7557b74fc06dab5aa627027918 4353 libs optional libvirt_5.0.0-3.dsc b426861e183f010e1499ec2bf574932e 76996 libs optional libvirt_5.0.0-3.debian.tar.xz cfd0537811f61479d7c29e7182612d8e 19472 libs optional libvirt_5.0.0-3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEvHzQcjh1660F3xzZB7i3sOqYEgsFAlzlLMIACgkQB7i3sOqY EgvJlA//WiOQZfZG6SAi3c+5rO4UQ8l2nI7p4nQNE0DFmnWU6whRa+2j2qZaKfkM Qo2fWiy6dOT/5+ci4rxDBcEHvqhQEOhk7KbBQOxI9yftQ+mzlMKt9/0xWoxM7CSB j9/IagUnErZqZvdzFpOzIC1dAWuWPasbDwN7X2MJgILidpy5sADeRjOI5/BS5zl9 WwKkRmFCcshmwYYppu5sjSLLQYroA2vlW2odlWBKBwaKNscYmSy+GoRPReOL68sp GlIr9nTN/htbd9tWjrEvXCIE2tfVXNIsarIxKcs514uhHzadixWN1HOIsaWpyDSq HWtasfG/9oKdYEuntZtm7tmAbxhI2zQMFMKifj8s9Z/Yml1CljDbItEwunhS+g+9 dxlcglsNCOykDT+yWFNBP0UmkT/5UIc8MVNM0/H+jnUyQDVkeOhTimH0mB48ODjY sufAQ8r1H8I9OS92Tjo2G/CrpCWJv3+LDex94qruiZ9ys0lHfri0TEmZP5TnP4ZN qd0r9l+pOCLr6NemwwnUNUpGBi5mcVtWjgZ0vJz/Oq8UHJAi+Rh22yM73XxK4CdE LcS9cr7aSgmqM+Q5sNGzGIB9Lk4T8YUYBKTevxojZJFe/4NNgaZzxKfl7BtJYKk2 8c6r1/XzG3+xn2gJY1u7fESwZSlgIJTIanK7GgFdLL87mDlSHNo= =svda -----END PGP SIGNATURE-----
--- End Message ---
