Re: libvirt 0.4.6-10+lenny1 stable update

To: debian-release@lists.debian.org
Cc: pkg-libvirt-maintainers@lists.alioth.debian.org
Subject: Re: libvirt 0.4.6-10+lenny1 stable update
From: Guido Günther <agx@sigxcpu.org>
Date: Wed, 18 Aug 2010 12:59:35 +0200
Message-id: <[🔎] 20100818105935.GA13708@bogon.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, debian-release@lists.debian.org, pkg-libvirt-maintainers@lists.alioth.debian.org

Dear release team,
please unblock libvirt 0.7.3-1. The version should have hit the archive
before the freeze got delayed by a couple of days. The upload fixes:

CVE-2010-2242, CVE-2010-2237, CVE-2010-2238, CVE-2010-2239

On Wed, Aug 18, 2010 at 11:01:31AM +0100, Adam D. Barratt wrote:
> Please could you send a new mail regarding the unblock request?  That will
> allow us to keep track of it from a freeze point of view rather than
> having it inside a different thread.

> From a very quick look at the diff, there's at least

> libvirt-0.8.3/src/esx/esx_driver.c    | 1192 +-
> libvirt-0.8.3/src/esx/esx_vi.c        |  911 +
> libvirt-0.8.3/src/util/storage_file.c |  762 -

> which would need more careful review.
We don't have the ESX driver currently enabled in libvirt. The file
backend hat quiet some changes to fix the security issues. That's why
it's actually safer to pull in this version instead of backporting for
0.8.2 given that 0.8.3 is what we aimed for in Squeeze anyway.
Cheers,
 -- Guido

Reply to:

Follow-Ups:
- libvirt_0.8.3-1 (was: Re: libvirt 0.4.6-10+lenny1 stable update)
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Re: Please unblock git-buildpackage 0.5.4
Next by Date: Re: wesnoth-1.8 freeze exception
Previous by thread: Re: libvirt 0.4.6-10+lenny1 stable update
Next by thread: libvirt_0.8.3-1 (was: Re: libvirt 0.4.6-10+lenny1 stable update)
Index(es):
- Date
- Thread