[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libvirt 0.4.6-10+lenny1 stable update

On Wed, August 18, 2010 10:15, Guido Günther wrote:
> Hi Adam,
> On Mon, Aug 02, 2010 at 04:11:28PM -0400, Adam D. Barratt wrote:
[...]
>> So far as I can see, the fix for this hasn't been applied to the
>> unstable
>> packages yet?
> libvirt 0.8.3 is in unstable and the testing period is over. It'd didn't
> catch any new RC or important bugs that arent in 0.8.2 (currently in
> testing) already. Could you hint that package through, that would fix
> the following CVEs:
>
> CVE-2010-2242, CVE-2010-2237, CVE-2010-2238, CVE-2010-2239

Please could you send a new mail regarding the unblock request?  That will
allow us to keep track of it from a freeze point of view rather than
having it inside a different thread.

>From a very quick look at the diff, there's at least

 libvirt-0.8.3/src/esx/esx_driver.c    | 1192 +-
 libvirt-0.8.3/src/esx/esx_vi.c        |  911 +
 libvirt-0.8.3/src/util/storage_file.c |  762 -

which would need more careful review.

Regards,

Adam
Reply to: