Re: libvirt 0.4.6-10+lenny1 stable update
On Mon, Aug 02, 2010 at 04:11:28PM -0400, Adam D. Barratt wrote:
> Hi,
>
> On Thu, July 29, 2010 10:02, Guido Günther wrote:
> > I'd like to upload a new version of libvirt to stable fixing two issues:
> >
> > * CVE-2010-2242: Apply a source port mapping to virtual network
> > masquerading
> > * Fix path to hvmloader. (Closes: #573808)
> >
> > The first fixes a minor security issue, the update is the backport of an
> > upstream fix:
>
> So far as I can see, the fix for this hasn't been applied to the unstable
> packages yet?
It's fixed in unstable with 0.8.2-1. I've added #591938 for that case.
The version in stable is only affected by CVE-2010-2242.
> Where fixes are applicable to both the unstable and stable packages, the
> preferred procedure is that the fix is applied to unstable first and then
> to stable if no issues are found in unstable.
The code changed quiet a bit but the fix is the same.
Cheers,
-- Guido
Reply to: