Your message dated Mon, 27 Feb 2017 21:05:55 +0000 with message-id <e1cisuv-000bpu...@fasolo.debian.org> and subject line Bug#856313: fixed in libvirt 3.0.0-3 has caused the Debian Bug report #856313, regarding libvirt: CVE-2017-2635: Null pointer dereference when updating storage size on empty drives to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 856313: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856313 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libvirt Version: 3.0.0-2 Severity: grave Tags: upstream patch security Justification: user security hole Hi Guido, the following vulnerability was published for libvirt. CVE-2017-2635[0]: Null pointer dereference when updating storage size on empty drives If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-2635 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2635 Regards, Salvatore p.s.: if you are short on time, I can happily prepare a NMU for this one.
--- End Message ---
--- Begin Message ---Source: libvirt Source-Version: 3.0.0-3 We believe that the bug you reported is fixed in the latest version of libvirt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 856...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guido Günther <a...@sigxcpu.org> (supplier of updated libvirt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 27 Feb 2017 20:07:41 +0100 Source: libvirt Binary: libvirt-clients libvirt-daemon libvirt-daemon-system libvirt0 libvirt-doc libvirt-dev libvirt-sanlock libnss-libvirt Architecture: source Version: 3.0.0-3 Distribution: unstable Urgency: medium Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintain...@lists.alioth.debian.org> Changed-By: Guido Günther <a...@sigxcpu.org> Closes: 856313 Description: libnss-libvirt - nss plugin providing IP add ress resolution for virtual machines libvirt0 - library for interfacing with different virtualization systems libvirt-clients - Programs for the libvirt library libvirt-daemon-system - Libvirt daemon configuration files libvirt-daemon - Virtualization daemon libvirt-dev - development files for the libvirt library libvirt-doc - documentation for the libvirt library libvirt-sanlock - Sanlock plugin for virtlockd Changes: libvirt (3.0.0-3) unstable; urgency=medium . * [62ad289] Debianize virtlogd * [cb216b5] CVE-2017-2635: qemu: Don't update physical storage size of empty drives (Closes: #856313) Checksums-Sha1: db9f7bf8c684d78d11e48fa8bc63ee4b2f29f8e6 3926 libvirt_3.0.0-3.dsc 9fc2926bbb50f58bac8b59c9bd4b2b99379ec67f 62884 libvirt_3.0.0-3.debian.tar.xz Checksums-Sha256: ba56aa32baed5c975fea8e107f8648be654f147cdfe23628d0016f3f150c74fc 3926 libvirt_3.0.0-3.dsc 4428e37498eba4a6ea26698fdb7590f2ad00aaec69ea83817f234f09dc16d5c3 62884 libvirt_3.0.0-3.debian.tar.xz Files: 563f9e19ad4dad8d8f8b07db8697ada8 3926 libs optional libvirt_3.0.0-3.dsc dcc6c87a7db1445b26057a3c5380fcfb 62884 libs optional libvirt_3.0.0-3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEvHzQcjh1660F3xzZB7i3sOqYEgsFAli0hGcACgkQB7i3sOqY Egvr0A//Xu9ME1mshfgsEji/4uZAXF7mc+3DtcdDGvFzVYSaxdckDykIlw5wG9Up frU5Nis505SxvI4RQ0b9C3JHdOHOBBkgM3bzkZDBw1uJazCAJRuWZBUwy8QERDJi 8iYOPQ7uFVpofDEzRa5+1vIDiTkpZA+HCZTqE999e+6GHUtLrqfZf5PCCrCpfYVE dfUqaVvoDq55oUUmX9b4XSHJv3psnj0ynT3nMyo7u3wNLRf9eS74fDvRoZRzUYqF oedUjPESQgZvpJpfL4grBP8HsXFA6vfb1ozTh3U/XL1P9Nh7MfLsNRU1/C9uUP9/ /gMf//5/RrhU+JnfagMxGS1SkqJt4TRWkuHYBp3F8v1QcyaGUz/aXIY1tegmpXbN DP/SeTR9hm1UBtXgyrHMQ+NxVM1lJU/5LXiekfsGksaQ5rO4M/WT6NSYLK0IDgPt XehNMgI6zjE8Y+y65GXY6D9Iw0jtS3YrhwhNtDEshjyNL2MhFGcX++7yWXw8s8P3 tz58UP1AHHIg7HixO3i+BIrdx448Jws0dmsDW6ncs8Ox8AzZ2DBUsD/OSSl+ymA9 ilUiyixYnDSTkTYB6QQZh1cgV6YxwkbOxyjburJsDfUgaQVhEI95LtejqnK2XK2g QdygwIYUEQq0MDmR5s0Xw7U3TxZBVuHYyKg7zQwzb8UyQgJQYBA= =/+LK -----END PGP SIGNATURE-----
--- End Message ---
