Your message dated Thu, 25 Jun 2020 10:50:00 +0000
with message-id <e1jopsc-0007ix...@fasolo.debian.org>
and subject line Bug#963474: fixed in libvirt 6.4.0-1
has caused the Debian Bug report #963474,
regarding libvirt: CVE-2020-14301: leak of sensitive cookie information via
dumpxml
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
963474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963474
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libvirt
Version: 6.2.0-1
Severity: grave
Tags: security upstream
Hi
libvirt starting from 6.2.0-rc1 upstream is affected by
CVE-2020-14301, leak of sensitive cookie information via dumpxml. I'm
filing it as RC severity as it does not affect current unstable
version and the version in unstable should not move to testing later
on without the fix.
Details are in https://bugzilla.redhat.com/show_bug.cgi?id=1848640
referencing the upstream commits as per
https://github.com/libvirt/libvirt/commit/a5b064bf4b17a9884d7d361733737fb614ad8979
https://github.com/libvirt/libvirt/commit/524de6cc35d3b222f0e940bb0fd027f5482572c5
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libvirt
Source-Version: 6.4.0-1
Done: Andrea Bolognani <e...@kiyuko.org>
We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 963...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrea Bolognani <e...@kiyuko.org> (supplier of updated libvirt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 21 Jun 2020 23:59:13 +0200
Source: libvirt
Architecture: source
Version: 6.4.0-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintain...@lists.alioth.debian.org>
Changed-By: Andrea Bolognani <e...@kiyuko.org>
Closes: 963474
Changes:
libvirt (6.4.0-1) experimental; urgency=medium
.
* Team upload
.
* [1662a90] New upstream version 6.4.0
Includes a fix for CVE-2020-14301 (Closes: #963474)
* [ad19936] patches: Drop tests-Mock-[...]-for-qemuhotplug.patch
* [bfc4f8b] rules: Install upstream release notes
* [995991b] control: Set Rules-Requires-Root: no
* [dd75022] control: Bump Standards-Version to 4.5.0
* [fa6aefb] rules: Enable 'bindnow' hardening option
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---