Bug#633630: marked as done (CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus)

Debian Bug Tracking System Tue, 19 Jul 2011 13:03:25 -0700

Your message dated Tue, 19 Jul 2011 19:59:58 +0000
with message-id <[email protected]>
and subject line Bug#633630: fixed in libvirt 0.4.6-10+lenny2
has caused the Debian Bug report #633630,
regarding CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
633630: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633630
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: libvirt
Version: 0.9.2
Severity: important
Tags: security

Hi Guido

In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for
libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is
the patch applied by upstream. Can/should there be an update to for
stable (if affected?).

 [1] http://www.securityfocus.com/bid/48478/info
 [2] https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
 [3] http://security-tracker.debian.org/CVE-2011-2511

Regards
Salvatore

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: libvirt
Source-Version: 0.4.6-10+lenny2

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive:

libvirt-bin_0.4.6-10+lenny2_i386.deb
  to main/libv/libvirt/libvirt-bin_0.4.6-10+lenny2_i386.deb
libvirt-dev_0.4.6-10+lenny2_i386.deb
  to main/libv/libvirt/libvirt-dev_0.4.6-10+lenny2_i386.deb
libvirt-doc_0.4.6-10+lenny2_all.deb
  to main/libv/libvirt/libvirt-doc_0.4.6-10+lenny2_all.deb
libvirt0-dbg_0.4.6-10+lenny2_i386.deb
  to main/libv/libvirt/libvirt0-dbg_0.4.6-10+lenny2_i386.deb
libvirt0_0.4.6-10+lenny2_i386.deb
  to main/libv/libvirt/libvirt0_0.4.6-10+lenny2_i386.deb
libvirt_0.4.6-10+lenny2.diff.gz
  to main/libv/libvirt/libvirt_0.4.6-10+lenny2.diff.gz
libvirt_0.4.6-10+lenny2.dsc
  to main/libv/libvirt/libvirt_0.4.6-10+lenny2.dsc
python-libvirt_0.4.6-10+lenny2_i386.deb
  to main/libv/libvirt/python-libvirt_0.4.6-10+lenny2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <[email protected]> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 16 Jul 2011 21:21:24 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.4.6-10+lenny2
Distribution: oldstable-security
Urgency: low
Maintainer: Debian Libvirt Maintainers 
<[email protected]>
Changed-By: Guido Günther <[email protected]>
Description: 
 libvirt-bin - the programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 633630
Changes: 
 libvirt (0.4.6-10+lenny2) oldstable-security; urgency=low
 .
   * [bb53af0] CVE-2011-2511: Fix integer overflow in VirDomainGetVcpus
     (Closes: #633630)
Checksums-Sha1: 
 35511c42eac104cdf63ba86597a223ec0d01ede6 1626 libvirt_0.4.6-10+lenny2.dsc
 dd6994e09789e19679cae4bdd65f2d7aea9cf8d0 5255397 libvirt_0.4.6.orig.tar.gz
 c3c402d2833ff11ef51d4cafeacb4c74eef5a314 23476 libvirt_0.4.6-10+lenny2.diff.gz
 57fd3138f072281d6aed9cddda1b00a7a54e4209 573262 
libvirt-doc_0.4.6-10+lenny2_all.deb
 0e3749efdb31f57ffab11f175c744b2584e6de96 221340 
libvirt-bin_0.4.6-10+lenny2_i386.deb
 ad472234675185ee27316d364b9999fac966a6bd 346778 
libvirt0_0.4.6-10+lenny2_i386.deb
 b6b0c94cdbefb0282ee6cf2a55f0534f1cf2b929 658352 
libvirt0-dbg_0.4.6-10+lenny2_i386.deb
 f428ef882e7b9ae9987c9878cf7fd067c4367367 407490 
libvirt-dev_0.4.6-10+lenny2_i386.deb
 601bc7aa1c369cf030946fc57f78bf308b95b512 147694 
python-libvirt_0.4.6-10+lenny2_i386.deb
Checksums-Sha256: 
 de092051e3178197c8f002f3f93a5df765499516ad7508b63dd1b8319f6ee044 1626 
libvirt_0.4.6-10+lenny2.dsc
 70049e309632718af75cd11116063ade45eb2879eb9e7ac7c6106559d344a37a 5255397 
libvirt_0.4.6.orig.tar.gz
 5ff833271688aac7bbd6a6e09e973ee3db3bb2c4bba9aaf315d334ec40923f09 23476 
libvirt_0.4.6-10+lenny2.diff.gz
 291774f4ca656f27febf5805e657d7046a15173514a670e51e9edef3cc557a51 573262 
libvirt-doc_0.4.6-10+lenny2_all.deb
 1da9c01b19fc75e3184a2defdfcf13f8045e5e4a2318af4c07914121b2e69ab7 221340 
libvirt-bin_0.4.6-10+lenny2_i386.deb
 a3d57282024f485a9ded568f81ef72e811bba23aa4d9c1e327f324802b0ff085 346778 
libvirt0_0.4.6-10+lenny2_i386.deb
 f6517a738662e9671f52426e4bbb08fc27a471bae09c09dce56c12719ae11805 658352 
libvirt0-dbg_0.4.6-10+lenny2_i386.deb
 31350ddf64abedd6c88a7f28fb7398e8f9aadcecdabdd9041f5c35400b93aabf 407490 
libvirt-dev_0.4.6-10+lenny2_i386.deb
 77eb528d51dbff4cc441a1b4f5b8854708bf72a11fa581cc7b399faf0c6f4b4f 147694 
python-libvirt_0.4.6-10+lenny2_i386.deb
Files: 
 7e72c2b15bf2dbccfbfcb202b0e68426 1626 libs optional libvirt_0.4.6-10+lenny2.dsc
 abdf727deaffd868172f7243eb75ffe3 5255397 libs optional 
libvirt_0.4.6.orig.tar.gz
 52868f09ee851959e5892c82bf57d8ac 23476 libs optional 
libvirt_0.4.6-10+lenny2.diff.gz
 70f1899aab22fe1cb0a56a5b47051a31 573262 doc optional 
libvirt-doc_0.4.6-10+lenny2_all.deb
 af5b615d274b03736503a34826c39d04 221340 admin optional 
libvirt-bin_0.4.6-10+lenny2_i386.deb
 f1e0fe3d43d5c1823eab85752ea006b0 346778 libs optional 
libvirt0_0.4.6-10+lenny2_i386.deb
 6835e94691f9ecaeff85fa06fcfb803e 658352 libs extra 
libvirt0-dbg_0.4.6-10+lenny2_i386.deb
 48e234b5c3e173754144e9e87b8c2f16 407490 libdevel optional 
libvirt-dev_0.4.6-10+lenny2_i386.deb
 b73c8cd040e0cac21967d6345d31297a 147694 python optional 
python-libvirt_0.4.6-10+lenny2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOJBZwn88szT8+ZCYRAgq1AJ9TJn4xcyxNaNELqCpQi/iA4kCx9ACbBm59
csYzqIYzqC0LpHlS8ziMPGM=
=Fz3e
-----END PGP SIGNATURE-----

--- End Message ---

Bug#633630: marked as done (CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus)

Reply via email to