CVE-2009-0036 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0036): Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket packet, and then sending the remainder of the packet with crafted values in the header, related to use of uninitialized memory in a validation check.
Oldest version in the tree is 0.6.3. Looking for feedback from the security team.
Sorry for the mis-reassignment. But since we don't have stable for libvirt, and we don't have that version around for a looong time, can we just close this up? Thanks.
libvirt 0.7.2, the oldest version in the tree has the patch [0] applied. Closing noglsa. [0] https://www.redhat.com/archives/libvir-list/2009-January/msg00699.html