[ubuntu-cloud-archive/grizzly-proposed] libvirt (Accepted)
Adam Gandelman
adamg at ubuntu.com
Mon Oct 28 00:55:55 UTC 2013
libvirt (1.0.2-0ubuntu11.13.04.5~cloud1) precise-grizzly; urgency=low
.
* Backport security fixes for the Ubuntu Cloud Archive:
- debian/control: Tweak versions of policykit-1 and
libpolkit-gobject-1-dev for security fixes in Ubuntu 12.04.
.
libvirt (1.0.2-0ubuntu11.13.04.5) raring-proposed; urgency=low
.
* Cherrypick upstream patch (LP: #1219435)
- conf-fix-a-failure-when-detaching-a-usb-device
.
libvirt (1.0.2-0ubuntu11.13.04.4) raring-security; urgency=low
.
* SECURITY UPDATE: possible privilege escalation via pkcheck race.
- debian/patches/CVE-2013-4311.patch: add uid to pkcheck call in
configure.ac, daemon/remote.c, src/locking/lock_daemon.c,
src/rpc/virnetserverclient.*, src/rpc/virnetsocket.*,
src/util/virprocess.*, src/util/virstring.*.
- debian/rules: use DEB_AUTO_UPDATE_AUTOCONF and
DEB_AUTO_UPDATE_AUTOHEADER.
- debian/control: specify version of policykit-1 security update, add
libpolkit-gobject-1-dev to Build-Depends.
- CVE-2013-4311
* SECURITY UPDATE: denial of service in remoteDispatchDomainMemoryStats
- debian/patches/CVE-2013-4296.patch: properly initialize stats in
daemon/remote.c.
- CVE-2013-4296
* SECURITY UPDATE: denial of service via bitmap string out of bounds
- debian/patches/CVE-2013-5651.patch: replace virBitmapIsSet usage in
src/util/virbitmap.c, properly handle errors in
- CVE-2013-5651
.
libvirt (1.0.2-0ubuntu11.13.04.2) raring-security; urgency=low
.
* SECURITY UPDATE: remote denial of service via file descriptor leak
- debian/patches/CVE-2013-1962.patch: properly free pool in
daemon/remote.c.
- CVE-2013-1962
Date: Wed, 23 Oct 2013 13:27:12 -0700
Changed-By: James Page <james.page at ubuntu.com>
Signed-By: James Page <james.page at ubuntu.com>
Published-By: Adam Gandelman <adamg at ubuntu.com>
More information about the Cloud-archive-changes
mailing list