[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libvirt 0.4.6-10+lenny1 stable update

On Mon, Aug 02, 2010 at 04:11:28PM -0400, Adam D. Barratt wrote:
> Hi,
> On Thu, July 29, 2010 10:02, Guido Günther wrote:
> > I'd like to upload a new version of libvirt to stable fixing two issues:
> >
> >   * CVE-2010-2242: Apply a source port mapping to virtual network
> >     masquerading
> >   * Fix path to hvmloader. (Closes: #573808)
> >
> > The first fixes a minor security issue, the update is the backport of an
> > upstream fix:
> So far as I can see, the fix for this hasn't been applied to the unstable
> packages yet?
It's fixed in unstable with 0.8.2-1. I've added #591938 for that case.
The version in stable is only affected by CVE-2010-2242.

> Where fixes are applicable to both the unstable and stable packages, the
> preferred procedure is that the fix is applied to unstable first and then
> to stable if no issues are found in unstable.
The code changed quiet a bit but the fix is the same.
 -- Guido

Reply to: