Bug#633630: marked as done (CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus)

Debian Bug Tracking System Tue, 19 Jul 2011 13:03:27 -0700

Your message dated Tue, 19 Jul 2011 20:00:18 +0000
with message-id <[email protected]>
and subject line Bug#633630: fixed in libvirt 0.8.3-5+squeeze2
has caused the Debian Bug report #633630,
regarding CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
633630: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633630
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: libvirt
Version: 0.9.2
Severity: important
Tags: security

Hi Guido

In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for
libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is
the patch applied by upstream. Can/should there be an update to for
stable (if affected?).

 [1] http://www.securityfocus.com/bid/48478/info
 [2] https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
 [3] http://security-tracker.debian.org/CVE-2011-2511

Regards
Salvatore

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: libvirt
Source-Version: 0.8.3-5+squeeze2

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive:

libvirt-bin_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/libvirt-bin_0.8.3-5+squeeze2_i386.deb
libvirt-dev_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/libvirt-dev_0.8.3-5+squeeze2_i386.deb
libvirt-doc_0.8.3-5+squeeze2_all.deb
  to main/libv/libvirt/libvirt-doc_0.8.3-5+squeeze2_all.deb
libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
libvirt0_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/libvirt0_0.8.3-5+squeeze2_i386.deb
libvirt_0.8.3-5+squeeze2.debian.tar.gz
  to main/libv/libvirt/libvirt_0.8.3-5+squeeze2.debian.tar.gz
libvirt_0.8.3-5+squeeze2.dsc
  to main/libv/libvirt/libvirt_0.8.3-5+squeeze2.dsc
python-libvirt_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/python-libvirt_0.8.3-5+squeeze2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <[email protected]> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 13 Jul 2011 20:32:22 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.8.3-5+squeeze2
Distribution: stable-security
Urgency: low
Maintainer: Debian Libvirt Maintainers 
<[email protected]>
Changed-By: Guido Günther <[email protected]>
Description: 
 libvirt-bin - the programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 623222 633630
Changes: 
 libvirt (0.8.3-5+squeeze2) stable-security; urgency=low
 .
   * [ac67c93] CVE-2011-1486: Make error reporting in libvirtd thread safe
     (Closes: #623222)
   * [eafb3d8] CVE-2011-2511: Fix integer overflow in VirDomainGetVcpus
     (Closes: #633630)
Checksums-Sha1: 
 612aec4fb52c4a37ebe29da5ed764ca46441dd6b 1910 libvirt_0.8.3-5+squeeze2.dsc
 5f66c739c7ccdb0570391d1068b0f4328e3c962c 36665 
libvirt_0.8.3-5+squeeze2.debian.tar.gz
 09c2f167f3328e6250d4c0eb66f6e44bc903d68d 1120066 
libvirt-doc_0.8.3-5+squeeze2_all.deb
 f63221e799ffdbf3ff3aa9f3b722d8bc428c08e1 1022934 
libvirt-bin_0.8.3-5+squeeze2_i386.deb
 1dca52c4eb8791c8f9708d543035a8bcc522b381 955230 
libvirt0_0.8.3-5+squeeze2_i386.deb
 63fd122e8a5f85b7be23c3a138988c43187cdb5b 3046518 
libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
 859920380a64ae299e6be5fd4992050009efa259 1176804 
libvirt-dev_0.8.3-5+squeeze2_i386.deb
 b9fee74eb56130f0edfdaf1981bab756d4e4c315 440234 
python-libvirt_0.8.3-5+squeeze2_i386.deb
Checksums-Sha256: 
 1dd3353f681f461715f070e9aeb76a123d96d5db3c8cd288345c910bb139f292 1910 
libvirt_0.8.3-5+squeeze2.dsc
 0017f45875038570c7c5dade0f6f65150c86649eeaad0643331ea433f3fadc38 36665 
libvirt_0.8.3-5+squeeze2.debian.tar.gz
 1f65fc9bb93af4505144f311a0607681a22d8cba5ef9121749889d162a947736 1120066 
libvirt-doc_0.8.3-5+squeeze2_all.deb
 9e4c43002eba19ec694e2cb35f684f63ce76083e4016e2881bc2140f44cf0976 1022934 
libvirt-bin_0.8.3-5+squeeze2_i386.deb
 67dd72a45528461a97f15015fa8472560d80b3c7a5cc1710ae22f86920a345d6 955230 
libvirt0_0.8.3-5+squeeze2_i386.deb
 4b596b3bf584e29818a528df9cab788beaec273247eea53f10101e6c34f1f6d6 3046518 
libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
 cedfe972c987c659e73d5a25a0da1a412c333d7347bbaf0a82b281f04e12de4f 1176804 
libvirt-dev_0.8.3-5+squeeze2_i386.deb
 e6512eda17b4e7f418f707d6e2d9825992af3af9a1d09dde7e72840467bd91a2 440234 
python-libvirt_0.8.3-5+squeeze2_i386.deb
Files: 
 6ed4c950f68e03ea10e2631a8c406b40 1910 libs optional 
libvirt_0.8.3-5+squeeze2.dsc
 d3983d7de34e8a42692118db83b6bd79 36665 libs optional 
libvirt_0.8.3-5+squeeze2.debian.tar.gz
 3f4ae27e7a6e605a5d7bf85118ef326d 1120066 doc optional 
libvirt-doc_0.8.3-5+squeeze2_all.deb
 ea046ebf07198a6ff7b197c387e64092 1022934 admin optional 
libvirt-bin_0.8.3-5+squeeze2_i386.deb
 134d3387a30d9acbc01bf0852bfff67a 955230 libs optional 
libvirt0_0.8.3-5+squeeze2_i386.deb
 4872315a9e1dcb7b9ba2c2aedce0d8f8 3046518 debug extra 
libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
 5aafaca4b04abd96d61e1a56dcbe11c5 1176804 libdevel optional 
libvirt-dev_0.8.3-5+squeeze2_i386.deb
 efca68131ea54e55cfbf22145cda09a6 440234 python optional 
python-libvirt_0.8.3-5+squeeze2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOId+Un88szT8+ZCYRAsy0AJ9oZIY0Yr8hFTViF4QXWtHywOyDsACdFMLg
OgqSRdNhPjLqO9zNULMfOyA=
=SjLM
-----END PGP SIGNATURE-----

--- End Message ---

Bug#633630: marked as done (CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus)

Reply via email to