Your message dated Mon, 26 Aug 2019 11:19:46 +0000 with message-id <e1i2d2i-000cp7...@fasolo.debian.org> and subject line Bug#929334: fixed in libvirt 5.6.0-1 has caused the Debian Bug report #929334, regarding libvirt: CVE-2019-10132: Insecure permissions for systemd socket for virtlockd/virtlogd to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 929334: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929334 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libvirt Version: 5.0.0-2 Severity: grave Tags: security upstream Control: found -1 5.0.0-2.1 Control: found -1 5.2.0-2 Hi, The following vulnerability was published for libvirt. CVE-2019-10132[0]: Insecure permissions for systemd socket for virtlockd/virtlogd If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10132 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10132 [1] https://security.libvirt.org/2019/0003.html Please adjust the affected versions in the BTS as needed, looks like the issue is introduced upstream in v4.1.0-rc1 though. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libvirt Source-Version: 5.6.0-1 We believe that the bug you reported is fixed in the latest version of libvirt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 929...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andrea Bolognani <e...@kiyuko.org> (supplier of updated libvirt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 25 Aug 2019 16:32:31 +0200 Source: libvirt Architecture: source Version: 5.6.0-1 Distribution: unstable Urgency: medium Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintain...@lists.alioth.debian.org> Changed-By: Andrea Bolognani <e...@kiyuko.org> Closes: 915107 919484 929334 931243 931768 Changes: libvirt (5.6.0-1) unstable; urgency=medium . * Team upload. . [ Guido Günther ] * [fb43676] d/control: Drop dh-autoreconf build-dep * [81d21d5] d/not-installed: Use multi-arch dirs * [07d5669] New upstream version 5.6.0 Fixes CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, CVE-2019-10132 (Closes: #915107, #931243, #929334) * [9f38a9e] apparmor: Allow run pygrub (Closes: #931768) * Acknowledge NMU. Thanks Jonathan Wiltshire . [ Christian Ehrhardt ] * [c28c3b3] d/libvirt0.install: install translations * [c3c4cd4] d/libvirt-daemon-system.install: drop in helper for firewalld * [3e8b43c] d/not-installed: ignore default files /etc/sysconfig * [c223d7f] d/libvirt-daemon-system.examples: ship sysctl config as example * [f19acf6] d/libvirt-daemon-system.install: ship libxl-sanlock.conf (Closes: #919484) * [483e44a] d/libvirt-doc.docs: fix whitespace issue * [4f4751f] d/libvirt-doc.docs: install new doc elements * [781e22e] d/not-installed: ignore documentation already being installed * [eda89b2] d/no-installed, d/libvirt-doc.docs: do not install fonts * [ab67a28] d/copyright: add license for docs/fonts/ * [2e222a2] d/rules: strip symbolic-functions linker option * [39b658c] Revert "d/libvirt-daemon-system.install: ship libxl-sanlock.conf" * [ce46360] d/rules: install libxl-sanlock.conf dependent on xen being enabled . [ Andrea Bolognani ] * [6a2eae3] Simplify and improve watch file * [82a1edc] Bump symbol versions * [73fccd9] Specify --doc-main-package for dh_installdocs * [d48fdf6] Rediff patches * [3b16c86] Bump symbol versions * [48c9b75] Drop Avahi support * [a49de91] Fix AppArmor profile for virt-aa-helper * [b8e92da] Disable libvirtd socket activation * [73d1e8c] Install kbase articles Checksums-Sha1: a0a564ca289e85ed36c32b27b6c80f439294d347 4300 libvirt_5.6.0-1.dsc 4180bde7aa476845296e2a015ba6272fbba80fe3 13147976 libvirt_5.6.0.orig.tar.xz d4bf040bec320cac3d0e2be357b2a87218ed2148 71024 libvirt_5.6.0-1.debian.tar.xz 59b4cd9fbacd38744788987ee0d49445481ba2c1 19240 libvirt_5.6.0-1_amd64.buildinfo Checksums-Sha256: 2ae27c02eeda6e06636f357f45b3162a5ad4ca6c43f788d290267c7a473b27e6 4300 libvirt_5.6.0-1.dsc 65f4f9924e10135aa694ca8bcb0b55725883d08e0b32c42111603d573aabb9b4 13147976 libvirt_5.6.0.orig.tar.xz 0ab5ddbcf1d383a7303c39e12e7178bd67e01adae7a1aa639fb724d2d2440e90 71024 libvirt_5.6.0-1.debian.tar.xz 7ffb8be3e815c6ba717b82245e02fcca954a02409c6b3ce2cf743e194da77ca4 19240 libvirt_5.6.0-1_amd64.buildinfo Files: ae742b57c6b02cbc0dc00b81749f00e2 4300 libs optional libvirt_5.6.0-1.dsc e818bb25ead24119925781b7519a8401 13147976 libs optional libvirt_5.6.0.orig.tar.xz 805387e7f41add6c6e0612b482cded13 71024 libs optional libvirt_5.6.0-1.debian.tar.xz 1d6d67d9165f1e52078f25b1a6ded180 19240 libs optional libvirt_5.6.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEvHzQcjh1660F3xzZB7i3sOqYEgsFAl1jvagACgkQB7i3sOqY EguxrA//eQLud47FdfTeVKWdqRaXr6emHvpevYJx5gOybY//zYlK+C3uP3Xj8Uxy Q+TsxXnC+zs2FzWJiNdpwvED3F1YPwxnVqMoHEV4H8qmWXTQl5DmiBeZO56Sp7rU EET5bociYBQ1zgwaiWN6IFDb5oxm2dThzuvdibpHqZFER65WSwosxwX0gUemIG5F KC1KM1MPF6I+eJ70Rz3XT8l59crcwG+rBhG8sXgpYdhirTsAcHeWlp+qkcUKdVpF M2swmfht9ChjO3+XwB8OrS1mlbGzH0E6CHPwbCzNLMy70cztTdCKnLSQOXvRQ6eq G+UrKrIi0+YxW+Er0M6ESj2AIMg685W8UjaerXzp/9AA9b+MIGONDwitovtJK3Ab jgNIztHfqd0V450W0kPuMPDO2r/WOVKgrmT5d/I6nbY6CifUS2yoxaiJdEqfWsVP XvJbZIG8q9KrIJo8tvn/ZOZ3RQREFTvhc8mdyCH7FHL3OSBfGMAJQW9/TatnvfcS xcZfWTy/b4MKaQw6JGZ6oU+RX7GKhP4YW1ZHP3NPgmdACm1sIEwZikPD36Cx0Z78 AUYrZLjmafBNbpFFt9BkpLbY6a2a28OrIh1nnDLyPpMdi8WMkRdvBsR6n9OAyWQU 4XdO3c1HLNWRLDVrUYtJs7eT8DXZyLP5a8BYXLvsBQt6U5shfTQ= =ouk+ -----END PGP SIGNATURE-----
--- End Message ---
