Summary: | <app-emulation/libvirt-1.2.9-r2: dumpxml: information leak with migratable flag (CVE-2014-7823) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | cardoe, tamiko, virtualization |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1160817 | ||
Whiteboard: | B4 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-11-06 13:55:37 UTC
*libvirt-1.2.10 (06 Nov 2014) *libvirt-1.2.9-r2 (06 Nov 2014) 06 Nov 2014; Matthias Maier <tamiko@gentoo.org> +files/libvirt-1.2.10-cve-2014-7823.patch, +files/libvirt-1.2.9-cve-2014-7823.patch, +libvirt-1.2.10.ebuild, +libvirt-1.2.9-r2.ebuild, -libvirt-1.2.9-r1.ebuild, libvirt-9999.ebuild: version bump wrt bug #528300, backport fix for CVE-2014-7823 wrt bug #528440, drop vulnerable Vulnerable version in tree: 1.2.9 Patched/unaffected: 1.2.9-r2, 1.2.10, 9999 Arches, please mark stable app-emulation/libvirt-1.2.9-r2 Target keywords: amd64 x86 amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. 08 Nov 2014; Matthias Maier <tamiko@gentoo.org> -libvirt-1.2.9.ebuild: drop vulnerable wrt bug #528440 Added to existing GLSA draft This issue was resolved and addressed in GLSA 201412-04 at http://security.gentoo.org/glsa/glsa-201412-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |