Bug#725968: pu: package libvirt/0.9.12.2-1
On Tue, Oct 15, 2013 at 06:52:57PM +0200, Michael Biebl wrote:
[..snip..]
> So I'd like a clear advice from the security what to do about
> CVE-2013-4288 (Bug: #723717) in policykit-1/stable:
> a/ Fix via stable-security
> b/ Fix via stabe
> c/ Ignore (not important enough).
>
> I'm happy to do either a/ or b/ if the security team wants me to.
>
> If c/, this means libvirt would have to remove that patch for its stable
> upload
> If we are going to fix policykit-1 in stable, libvirt should have a
> versioned dep on policykit-1, to ensure it gets the correct version of
> pkcheck.
Just as a data point. Libvirt can keep the patches but when build
against a unpatched polkit they would be disabled.
Cheers and thanks for following up on this!
-- Guido
>
>
> Michael
>
>
>
> --
> Why is it that all of the instruments seeking intelligent life in the
> universe are pointed away from Earth?
>
Reply to: