From ${URL} : A NULL pointer dereference vulnerability was foound in virStorageSourceUpdateBlockPhysicalSize when attempted to call on empty drives. Unprivileged local user can trigger this bug to crash libvirtd. Upstream patch: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c3de387380f6057ee0e46cd9f2f0a092e8070875 Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c5f6151390 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Removed affected version 3.0.0 from the tree. No stable version affected. No stabilization required. Security, please close. commit 2a650a7ed41a498c65defaab3cfabe12f3eb1e73 Author: Matthias Maier <tamiko@gentoo.org> Date: Sat Mar 4 15:05:41 2017 -0600 app-emulation/libvirt: drop vulnerable 3.0.0, bug #611388 Package-Manager: Portage-2.3.3, Repoman-2.3.2
Only affected ~ARCH ebuilds. Fixed in >=app-emulation/libvirt-3.1.0. Repository is clean.