Your message dated Tue, 12 Jul 2011 15:17:41 +0000
with message-id <[email protected]>
and subject line Bug#633630: fixed in libvirt 0.9.2-7
has caused the Debian Bug report #633630,
regarding CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
633630: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633630
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libvirt
Version: 0.9.2
Severity: important
Tags: security
Hi Guido
In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for
libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is
the patch applied by upstream. Can/should there be an update to for
stable (if affected?).
[1] http://www.securityfocus.com/bid/48478/info
[2] https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
[3] http://security-tracker.debian.org/CVE-2011-2511
Regards
Salvatore
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: libvirt
Source-Version: 0.9.2-7
We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive:
libvirt-bin_0.9.2-7_i386.deb
to main/libv/libvirt/libvirt-bin_0.9.2-7_i386.deb
libvirt-dev_0.9.2-7_i386.deb
to main/libv/libvirt/libvirt-dev_0.9.2-7_i386.deb
libvirt-doc_0.9.2-7_all.deb
to main/libv/libvirt/libvirt-doc_0.9.2-7_all.deb
libvirt0-dbg_0.9.2-7_i386.deb
to main/libv/libvirt/libvirt0-dbg_0.9.2-7_i386.deb
libvirt0_0.9.2-7_i386.deb
to main/libv/libvirt/libvirt0_0.9.2-7_i386.deb
libvirt_0.9.2-7.debian.tar.gz
to main/libv/libvirt/libvirt_0.9.2-7.debian.tar.gz
libvirt_0.9.2-7.dsc
to main/libv/libvirt/libvirt_0.9.2-7.dsc
python-libvirt_0.9.2-7_i386.deb
to main/libv/libvirt/python-libvirt_0.9.2-7_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guido Günther <[email protected]> (supplier of updated libvirt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 12 Jul 2011 15:07:39 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.9.2-7
Distribution: unstable
Urgency: low
Maintainer: Debian Libvirt Maintainers
<[email protected]>
Changed-By: Guido Günther <[email protected]>
Description:
libvirt-bin - the programs for the libvirt library
libvirt-dev - development files for the libvirt library
libvirt-doc - documentation for the libvirt library
libvirt0 - library for interfacing with different virtualization systems
libvirt0-dbg - library for interfacing with different virtualization systems
python-libvirt - libvirt Python bindings
Closes: 633630
Changes:
libvirt (0.9.2-7) unstable; urgency=low
.
* [9c99f46] CVE-2011-2511: Fix integer overflow in VirDomainGetVcpus. Patch
taken verbatim from upstream's git. (Closes: #633630)
Checksums-Sha1:
5701dc41b79e5e0848c3652a2a8dc4defc90468d 1915 libvirt_0.9.2-7.dsc
c785632390b3d5fd1c407bafc43799f1800fe192 81748 libvirt_0.9.2-7.debian.tar.gz
5cf6b88e97b8b2eac860f7179aac22303cca99c0 1577686 libvirt-doc_0.9.2-7_all.deb
18e782e716bd3e05a834a28a4df01d6764937ff3 1508612 libvirt-bin_0.9.2-7_i386.deb
15da586101d076b29dfcafbf57204ad6f9187737 1455902 libvirt0_0.9.2-7_i386.deb
6ac3864377c7405a1e4376c4502f5cef357c6748 4185156 libvirt0-dbg_0.9.2-7_i386.deb
8ee87ef6e1e07ee833ea7fdd7879ef6c19a44ee8 1745260 libvirt-dev_0.9.2-7_i386.deb
986efd990475ee32613fbae05e0307d741cefe82 726704 python-libvirt_0.9.2-7_i386.deb
Checksums-Sha256:
582462add43fc87ed770a312f5a50fe341ba6f8412a4b44315e1fd3bfad18a6d 1915
libvirt_0.9.2-7.dsc
9c156245909030bbb5b77ca431dd1a2ec7e234e8bf69fc1456389d5ccb07b8fa 81748
libvirt_0.9.2-7.debian.tar.gz
f13c7b3290fa5240251173a4d50161cc2be37f982a54697fac1cce8a758a77de 1577686
libvirt-doc_0.9.2-7_all.deb
259c42fd0cde51a7aab1e05f8ba66f6f585ab6484c5f4de6f083fd4493845b6f 1508612
libvirt-bin_0.9.2-7_i386.deb
ce3616420034b89a59ed7c4d802ab5bb7c2ebaa5d2222754b1c719a0e561239c 1455902
libvirt0_0.9.2-7_i386.deb
3edf2e8745d59529dad461039590831238e1e630bf36dc64320d0bcaafd23091 4185156
libvirt0-dbg_0.9.2-7_i386.deb
2dc873c18416bf0f40b450eb2d97a2d8d442dfdb66fa54bf3b740e10d731663d 1745260
libvirt-dev_0.9.2-7_i386.deb
bf8828c72c9dcfb3f9beca62ea0ee8343781e97324026418ee379034cc9aee31 726704
python-libvirt_0.9.2-7_i386.deb
Files:
7d1e9b0327abae8b45cbc94f4b20b944 1915 libs optional libvirt_0.9.2-7.dsc
5429ac88bb793cebdd9fcae15af38a4f 81748 libs optional
libvirt_0.9.2-7.debian.tar.gz
576c54949cd4e3e3783ba408f27eb599 1577686 doc optional
libvirt-doc_0.9.2-7_all.deb
7c0aad0a8830f2ddbb453ccebac0ef30 1508612 admin optional
libvirt-bin_0.9.2-7_i386.deb
7d6abf58c8acd3b3598a93f5ef09f618 1455902 libs optional
libvirt0_0.9.2-7_i386.deb
4e760a4d2a02841c57c7c1c159c8c5f8 4185156 debug extra
libvirt0-dbg_0.9.2-7_i386.deb
2f0d30d0f894da250a964949d09088bc 1745260 libdevel optional
libvirt-dev_0.9.2-7_i386.deb
427f85f1b3a9b49f5d8e46201ef8ee24 726704 python optional
python-libvirt_0.9.2-7_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOHGULn88szT8+ZCYRAvL3AJ9tsi+p+Fb7sE2vSdcvK6vVhUIo/wCfdsoL
w+/4KsDoIjwk2aJTGdPDEJU=
=faxP
-----END PGP SIGNATURE-----
--- End Message ---
