Description: "An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service."
@maintainer(s), please advise if ready for stabilisation, or call yourself.
@maintainer(s), please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=501ec32e4825e536fe36c691dfc01d9a2346276a commit 501ec32e4825e536fe36c691dfc01d9a2346276a Author: Marek Szuba <marecki@gentoo.org> AuthorDate: 2020-07-21 17:25:04 +0000 Commit: Marek Szuba <marecki@gentoo.org> CommitDate: 2020-07-21 18:10:40 +0000 app-emulation/libvirt: remove old Includes versions vulnerable to CVE-2020-12430. Approved by tamiko on IRC. Bug: https://bugs.gentoo.org/719962 Signed-off-by: Marek Szuba <marecki@gentoo.org> app-emulation/libvirt/Manifest | 2 - ...irt-1.2.16-fix_paths_in_libvirt-guests_sh.patch | 19 -- .../libvirt-5.2.0-fix-paths-for-apparmor.patch | 116 ------- ...d-the-agent-job-in-qemuDomainSetTimeAgent.patch | 39 --- app-emulation/libvirt/files/libvirtd.init-r18 | 33 -- app-emulation/libvirt/files/virtlockd.init-r1 | 23 -- app-emulation/libvirt/files/virtlogd.init-r1 | 23 -- app-emulation/libvirt/libvirt-6.0.0-r3.ebuild | 360 --------------------- app-emulation/libvirt/libvirt-6.1.0-r1.ebuild | 358 -------------------- app-emulation/libvirt/metadata.xml | 3 - 10 files changed, 976 deletions(-)
