[ubuntu/eoan-proposed] libvirt 5.4.0-0ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Jul 2 13:42:18 UTC 2019 

libvirt (5.4.0-0ubuntu3) eoan; urgency=medium

  * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
    read-only connection
    - debian/patches/CVE-2019-10161.patch: add check to
      src/libvirt-domain.c, src/qemu/qemu_driver.c,
      src/remote/remote_protocol.x.
    - CVE-2019-10161
  * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
    read-only connection
    - debian/patches/CVE-2019-10166.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10166
  * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
    read-only connection
    - debian/patches/CVE-2019-10167.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10167
  * SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
    connection
    - debian/patches/CVE-2019-10168.patch: add checks to
      src/libvirt-host.c.
    - CVE-2019-10168

Date: Tue, 02 Jul 2019 08:08:33 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libvirt/5.4.0-0ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 02 Jul 2019 08:08:33 -0400
Source: libvirt
Architecture: source
Version: 5.4.0-0ubuntu3
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 libvirt (5.4.0-0ubuntu3) eoan; urgency=medium
 .
   * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
     read-only connection
     - debian/patches/CVE-2019-10161.patch: add check to
       src/libvirt-domain.c, src/qemu/qemu_driver.c,
       src/remote/remote_protocol.x.
     - CVE-2019-10161
   * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
     read-only connection
     - debian/patches/CVE-2019-10166.patch: add check to
       src/libvirt-domain.c.
     - CVE-2019-10166
   * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
     read-only connection
     - debian/patches/CVE-2019-10167.patch: add check to
       src/libvirt-domain.c.
     - CVE-2019-10167
   * SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
     connection
     - debian/patches/CVE-2019-10168.patch: add checks to
       src/libvirt-host.c.
     - CVE-2019-10168
Checksums-Sha1:
 88491577028916a5296c9047f9154d18fda869b8 4613 libvirt_5.4.0-0ubuntu3.dsc
 94ed70d16c5413776bb0d98467ef73003dba2fd8 130332 libvirt_5.4.0-0ubuntu3.debian.tar.xz
 60bbacc4bd4630dc771b426649c81bcc2143d834 13733 libvirt_5.4.0-0ubuntu3_source.buildinfo
Checksums-Sha256:
 750a5111c8ff840157d4ec5d1e488ba98650acee951451a7658b3087ce2189a4 4613 libvirt_5.4.0-0ubuntu3.dsc
 8d01745d84601eb9136f372732d1247b0f8d88ceaaf8af16815f339aa659bf96 130332 libvirt_5.4.0-0ubuntu3.debian.tar.xz
 92cb9a7160fe1fdf6797961cd69c796452e5831f274b0e758cfe871e2dedbea0 13733 libvirt_5.4.0-0ubuntu3_source.buildinfo
Files:
 326a35fe794d8b48f5cf799abd3c0ebf 4613 libs optional libvirt_5.4.0-0ubuntu3.dsc
 75e20c8bb12bdbc3078a6420e695d3e9 130332 libs optional libvirt_5.4.0-0ubuntu3.debian.tar.xz
 b4e1992836720008f9ae7d956607fdcf 13733 libs optional libvirt_5.4.0-0ubuntu3_source.buildinfo
Original-Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl0bXfcACgkQZWnYVadE
vpPoXBAAm660RvYFGXlrk1t+0fL5ezprYMbwCVPlI4QQYuBD+LS67+I9xE2+TKQc
XFzuQiJ3SGI5DSHLqjtxdZHUbqcfFI4bjshZjAhYwff+SOGcbl7GLpUQygJ5uOJ2
IfGWh4GNxT1IE/uD2+57/oxFlTn8Q6z0Z5xxxyOlVfNK7qXOoaIO1ZQ1/B5DQIWy
u7vCtiBivnIMrD4gRE0jJozYnzc3vz88jUROQlbJOVgCK6Hxr3zihPE4TYvWbOJX
STGuhXyyrQyRNxWpciEBfvauobzAHhF3oO7P7wl1VR/1LKnkmwqGrfYgUJVXNzIF
KD8TP1Cj2ahvWxhGXFDGyb0jlEjQA1CN0lTTzTF0Pkcxa5R19Uoz0taLmNqOUQKC
104VI8kHBarJDquJ9Myw2OH7DU2DNUn82h8szh6KUXHYdFK3T3fdyZOTPaYcPtG9
D5t/GOpueSQ1mRqq0l0bhh8JZN9LPRCAtzT+PQ+ej3ceEWUDj8VPD1w+671ZIkJ3
S6ubkp1T1tA4US3wJrfNJlBrtND71obEH8Wp+nz92qNmU6Ul562Fr3GmQZKBCeKY
O4f79BaLoIFaoEhwaUYzWYfFWtmbt5To+ur/h9AsqIRCLTwsd9ktsYLni4dLSvcP
aCbuKCUeCzsK4GVlnKb0Dc3o6y3xBAcozOhGwjxrNQSOjiTX1d0=
=BCQO
-----END PGP SIGNATURE-----

More information about the Eoan-changes mailing list