[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libvirt 0.4.6-10+lenny1 stable update



Hi Adam,
On Mon, Aug 02, 2010 at 04:11:28PM -0400, Adam D. Barratt wrote:
> Hi,
> 
> On Thu, July 29, 2010 10:02, Guido Günther wrote:
> > I'd like to upload a new version of libvirt to stable fixing two issues:
> >
> >   * CVE-2010-2242: Apply a source port mapping to virtual network
> >     masquerading
> >   * Fix path to hvmloader. (Closes: #573808)
> >
> > The first fixes a minor security issue, the update is the backport of an
> > upstream fix:
> 
> So far as I can see, the fix for this hasn't been applied to the unstable
> packages yet?
libvirt 0.8.3 is in unstable and the testing period is over. It'd didn't
catch any new RC or important bugs that arent in 0.8.2 (currently in
testing) already. Could you hint that package through, that would fix
the following CVEs:

CVE-2010-2242, CVE-2010-2237, CVE-2010-2238, CVE-2010-2239

> Where fixes are applicable to both the unstable and stable packages, the
> preferred procedure is that the fix is applied to unstable first and then
> to stable if no issues are found in unstable.
Stable is only affeceted by CVE-2010-2242.
Cheers,
 -- Guido


Reply to: