Re: libvirt / CVE-2019-3886
Guido Günther <email@example.com> writes:
> I don't think this is needed for jessie since the corresponding function
> in qemu was implemented in 4.8.0.
Sounds like it won't hurt to leave this in, in any case...
> qemuDomainGetTime is present in 1.2.9 and uses the guest agent so it's
> affected as well. The corresponding virDomainGetTime has no read only
> check so this could be an issue (but should likely use a different
> CVE). This was upstream fixed in
Ok, so it does sound like I should make this change too.
Like it or not, I suspect CVE-2019-3886 might be getting used for both
Brian May <firstname.lastname@example.org>