Your message dated Thu, 29 Aug 2013 19:05:00 +0000 with message-id <e1vf7we-0003uy...@franck.debian.org> and subject line Bug#719533: fixed in libvirt 1.1.2~rc1-1 has caused the Debian Bug report #719533, regarding libvirt: CVE-2013-4239: memory corruption in xenDaemonListDefinedDomains function to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 719533: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719533 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libvirt Version: 1.1.1-1 Severity: grave Tags: security upstream patch Hi, the following vulnerability was published for libvirt. (marking this as rc, to not have it enter testing, even there are already rc bugs blocking the migration). CVE-2013-4239[0]: memory corruption in xenDaemonListDefinedDomains function This was introduced only in 1.1.1-1 in commit [1] and there is a fix for it in [2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4239 http://security-tracker.debian.org/tracker/CVE-2013-4239 [1] http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=632180d1 [2] http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=0e671a16 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libvirt Source-Version: 1.1.2~rc1-1 We believe that the bug you reported is fixed in the latest version of libvirt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 719...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guido Günther <a...@sigxcpu.org> (supplier of updated libvirt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 29 Aug 2013 20:22:10 +0200 Source: libvirt Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt libvirt-sanlock Architecture: source i386 all Version: 1.1.2~rc1-1 Distribution: experimental Urgency: low Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintain...@lists.alioth.debian.org> Changed-By: Guido Günther <a...@sigxcpu.org> Description: libvirt-bin - programs for the libvirt library libvirt-dev - development files for the libvirt library libvirt-doc - documentation for the libvirt library libvirt-sanlock - library for interfacing with different virtualization systems libvirt0 - library for interfacing with different virtualization systems libvirt0-dbg - library for interfacing with different virtualization systems python-libvirt - libvirt Python bindings Closes: 719533 721172 Changes: libvirt (1.1.2~rc1-1) experimental; urgency=low . * [a3b140a] New upstream version 1.1.2~rc1 (Closes: #719533) * [6c162e3] Update patches: Drop virGetGroupList-always-include-the-primary-group.patch applied upstream. * [e6c12ec] Update symbols * [a3548ee] Drop versioned libaudit-dev dependency (Closes: #721172) * [1562bb3] Fix "make check" not finding finding the libvirtd lense Checksums-Sha1: 6fc6a4681a36429b480472aee15c9d714587d41c 2526 libvirt_1.1.2~rc1-1.dsc 0f68d5e314bef1be7ef54568b73a615e4f3e2d65 25611434 libvirt_1.1.2~rc1.orig.tar.gz 3a7e001216ccf95f89b49bae630797c114d9b391 41094 libvirt_1.1.2~rc1-1.debian.tar.gz efe01f362293aaf61936ba7f76511135ba648989 3165538 libvirt-bin_1.1.2~rc1-1_i386.deb 24cbff565c220f21e0b1bd5248c3a348820fb12a 2295496 libvirt0_1.1.2~rc1-1_i386.deb e95304b99accb2c637973cbcb3ef97580035ac9b 6801246 libvirt0-dbg_1.1.2~rc1-1_i386.deb abbfd37e1c978d3ce935dbd63211c3f2fcfc6712 2564828 libvirt-doc_1.1.2~rc1-1_all.deb bac173b2f75bda957403a92ffec4e773268681be 1586660 libvirt-dev_1.1.2~rc1-1_i386.deb fecb8fb522fcc5352c35cb4fad93ed927dd73997 1673794 python-libvirt_1.1.2~rc1-1_i386.deb 56de2121e2b87dc1f09d1f71b5f27c0570c3d3a8 1583864 libvirt-sanlock_1.1.2~rc1-1_i386.deb Checksums-Sha256: b75863ce05ad94c4cba71e294e5b776a68f8327982f947976fffff12dfcff9a3 2526 libvirt_1.1.2~rc1-1.dsc 073ad30c56cad693977cff823c63af8ab32aaccd7bafbc8b0973395ab6d2c680 25611434 libvirt_1.1.2~rc1.orig.tar.gz 7713e8b1449a113db625cee842437e5ee2eee3bc20e98be6061d07dbe22e47d2 41094 libvirt_1.1.2~rc1-1.debian.tar.gz 099df4b64cc528cb90b4f7d260683516fa0baa9cce17ace39d6d2e9c601557d0 3165538 libvirt-bin_1.1.2~rc1-1_i386.deb 99ea43a682638dee87dbf727aa5795b38a4772ed8795a447b3cf6bc62a070df5 2295496 libvirt0_1.1.2~rc1-1_i386.deb 706935974afb9ab654173132e02dfc151f656569122e0780cb4d98a27d56a0cb 6801246 libvirt0-dbg_1.1.2~rc1-1_i386.deb 81f98e5e15f32df59ad8accde2376676d8f38c95656d171c033b0f879af62cb6 2564828 libvirt-doc_1.1.2~rc1-1_all.deb 91c52de45a65249ccd13b6b88bdd53fa53af46a6af600a88f9d77d0b74d5a69f 1586660 libvirt-dev_1.1.2~rc1-1_i386.deb d72b0b587c62c2f6986fd68eb698460f8aa60044c5a1504a85ac3ef095748ec5 1673794 python-libvirt_1.1.2~rc1-1_i386.deb 5013d708cc10661c6a44615997e94e3caecfec8dc1646e6f5323cfa1377e5a13 1583864 libvirt-sanlock_1.1.2~rc1-1_i386.deb Files: c8cd0863e70b25f37dce49993a9daeb8 2526 libs optional libvirt_1.1.2~rc1-1.dsc 6e467978ce0b2666e6b54c2d162ba7f5 25611434 libs optional libvirt_1.1.2~rc1.orig.tar.gz c0c143fa48b6dc97d8f0d02f420fbfff 41094 libs optional libvirt_1.1.2~rc1-1.debian.tar.gz 65bcba0f8dbe204eecf0976fc1108286 3165538 admin optional libvirt-bin_1.1.2~rc1-1_i386.deb 8c394a4f64c40283ea68d608ee710e38 2295496 libs optional libvirt0_1.1.2~rc1-1_i386.deb 0d30c086d9a86702bd88b7036d967a96 6801246 debug extra libvirt0-dbg_1.1.2~rc1-1_i386.deb 06585fb1ce165a1b9c6027da3d1d78b1 2564828 doc optional libvirt-doc_1.1.2~rc1-1_all.deb f2ad8a6c50ce89e00fb5a17a728ca798 1586660 libdevel optional libvirt-dev_1.1.2~rc1-1_i386.deb 658f397badf4bb813c1abd8c5044bf65 1673794 python optional python-libvirt_1.1.2~rc1-1_i386.deb a0b4362ce8e0f3009bddc41307fa5172 1583864 libs extra libvirt-sanlock_1.1.2~rc1-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSH5cAn88szT8+ZCYRAppzAJkBSCnqcxUt8Qg9LWDYGHgmB9ZXpACcCqW7 NJm6x/toZ7YnLn/tbZMnWas= =LLGe -----END PGP SIGNATURE-----
--- End Message ---
