Moritz Mühlenhoff <j...@inutil.org> writes: > We're tracking at as it's currently assigned by MITRE and it's their usual > practice to split out secondary angles to a separate CVE ID. As such, you > should rather reach out to them via https://cveform.mitre.org and request > a separate ID for the part that affects 1.2.x as well.
Attached is an updated patch using the newly allocated CVE-2016-10746 identifier. -- Brian May <b...@debian.org>
diff -Nru libvirt-1.2.9/debian/changelog libvirt-1.2.9/debian/changelog --- libvirt-1.2.9/debian/changelog 2018-03-13 06:51:52.000000000 +1100 +++ libvirt-1.2.9/debian/changelog 2019-04-08 17:29:21.000000000 +1000 @@ -1,3 +1,10 @@ +libvirt (1.2.9-9+deb8u6) jessie-security; urgency=high + + * Non-maintainer upload by the LTS Team. + * CVE-2016-10746: Ensure get time RPC calls require write access. + + -- Brian May <b...@debian.org> Mon, 08 Apr 2019 17:29:21 +1000 + libvirt (1.2.9-9+deb8u5) jessie-security; urgency=high * Switch gbp.conf to jessie diff -Nru libvirt-1.2.9/debian/patches/CVE-2016-10746.patch libvirt-1.2.9/debian/patches/CVE-2016-10746.patch --- libvirt-1.2.9/debian/patches/CVE-2016-10746.patch 1970-01-01 10:00:00.000000000 +1000 +++ libvirt-1.2.9/debian/patches/CVE-2016-10746.patch 2019-04-08 17:29:21.000000000 +1000 @@ -0,0 +1,21 @@ +--- a/src/libvirt.c ++++ b/src/libvirt.c +@@ -21229,6 +21229,7 @@ + virResetLastError(); + + virCheckDomainReturn(dom, -1); ++ virCheckReadOnlyGoto(dom->conn->flags, error); + + if (dom->conn->driver->domainGetTime) { + int ret = dom->conn->driver->domainGetTime(dom, seconds, +--- a/src/remote/remote_protocol.x ++++ b/src/remote/remote_protocol.x +@@ -5444,7 +5444,7 @@ + + /** + * @generate: none +- * @acl: domain:read ++ * @acl: domain:write + */ + REMOTE_PROC_DOMAIN_GET_TIME = 337, + diff -Nru libvirt-1.2.9/debian/patches/series libvirt-1.2.9/debian/patches/series --- libvirt-1.2.9/debian/patches/series 2018-03-13 06:00:35.000000000 +1100 +++ libvirt-1.2.9/debian/patches/series 2019-04-08 17:29:21.000000000 +1000 @@ -37,3 +37,4 @@ upstream/qemu-Specify-format-iff-disk-source-is-not-empty.patch security/CVE-2018-5748-qemu-avoid-denial-of-service-reading-from-Q.patch security/CVE-2018-1064-qemu-avoid-denial-of-service-reading-from-Q.patch +CVE-2016-10746.patch