Author: carnil
Date: 2014-01-17 19:11:59 +0000 (Fri, 17 Jan 2014)
New Revision: 25261
Modified:
data/CVE/list
Log:
Add fixed version for three libvirt CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-17 16:12:27 UTC (rev 25260)
+++ data/CVE/list 2014-01-17 19:11:59 UTC (rev 25261)
@@ -154,7 +154,7 @@
REJECTED
CVE-2014-1447 [libvirt: denial of service with keepalive]
RESERVED
- - libvirt <unfixed> (bug #735676)
+ - libvirt 1.2.1-1 (bug #735676)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1047577
NOTE:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef6c18bc1faf8b3e10787b39796a7a06cc0
NOTE:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c2914734eb5c32df6d35a82bf503e12261bcf
@@ -3642,7 +3642,7 @@
RESERVED
CVE-2014-0028 [event registration bypasses domain:getattr ACL]
RESERVED
- - libvirt <unfixed>
+ - libvirt 1.2.1-1
[squeeze] - libvirt <not-affected> (Introduced in 1.1.1)
[wheezy] - libvirt <not-affected> (Introduced in 1.1.1)
NOTE:
https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html
@@ -4820,11 +4820,9 @@
NOTE: upstream fix:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
CVE-2013-6457 [avoid crashing if calling `virsh numatune' on inactive domain]
RESERVED
- - libvirt <unfixed>
+ - libvirt 1.2.1-1
NOTE:
https://www.redhat.com/archives/libvir-list/2013-December/msg01258.html
NOTE:
http://libvirt.org/git/?p=libvirt.git;a=commit;h=f9ee91d35510ccbc6fc42cef8864b291b2d220f4
- NOTE: fixed in v1.2.1-rc1
- TODO: check
CVE-2013-6456 [virsh shutdown does not handle symlinks correctly for LXC]
RESERVED
- libvirt <unfixed> (bug #732394)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
