On Mon, Feb 27, 2017 at 05:17:05PM +0100, Salvatore Bonaccorso wrote: > Source: libvirt > Version: 3.0.0-2 > Severity: grave > Tags: upstream patch security > Justification: user security hole > > Hi Guido, > > the following vulnerability was published for libvirt. > > CVE-2017-2635[0]: > Null pointer dereference when updating storage size on empty drives
I just uploaded a fixed version to untable. Thanks for sorting out the correct version information! -- Guido > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2017-2635 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2635 > > Regards, > Salvatore > > p.s.: if you are short on time, I can happily prepare a NMU for this > one. > > _______________________________________________ > Pkg-libvirt-maintainers mailing list > pkg-libvirt-maintain...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers >
