On Tue, Mar 05, 2013 at 08:48:03PM +0000, Adam D. Barratt wrote: > On Mon, 2013-03-04 at 18:02 +0000, Guido Günther wrote: > > libvirt (0.9.12-8) unstable; urgency=low > > . > > * [181eab1] CVE-2013-1766: Use libvirt-qemu as group to run qemu/kvm > > instances. This makes sure we don't chown files to groups possibly > > used > > by other programs. (Closes: #701649) > > I was looking at this with a view to unblocking it, but think there > might have been a small copy-n-waste error in the postrm changes; > specifically: > > @@ -25,6 +25,14 @@ > delgroup libvirt || true > fi > > + if getent user libvirt-qemu >/dev/null; then > > "getent user" should be "getent passwd". > > + deluser libvirt || true > > Presumably this should be "libvirt-qemu". > > + fi > + > + if getent group libvirt-qemu >/dev/null; then > + delgroup libvirt || true > > Again, should be libvirt-qemu. > > As a side note, the debian/libvirt-bin.NEWS entry for the unstable > upload should really reference 0.9.12-8 rather than 1.0.2-3.
Sorry for being sloppy and thanks for your review. I just uploaded a new version. Cheers, -- Guido -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
