On Fri, May 17, 2013 at 03:56:36PM +0200, Salvatore Bonaccorso wrote:
Package: libvirt
Version: 1.0.5-2
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for libvirt.
CVE-2013-1962[0]:
DoS (max count of open files exhaustion) due sockets leak in the storage pool
Upstream patch can be found at [1].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962
http://security-tracker.debian.org/tracker/CVE-2013-1962
[1]
http://libvirt.org/git/?p=libvirt.git;a=commit;h=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
Only experimental version should be affected. Note, the serverity
grave might be a bit overrated in this case, so if you do not agree
please downgrade to important.
Just for the record: I double checked that oldstable/stable/sid aren't
affected.
Cheers,
-- Guido
Regards,
Salvatore
___
Pkg-libvirt-maintainers mailing list
pkg-libvirt-maintain...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
