Your message dated Thu, 14 Jun 2012 18:17:57 +0000
with message-id <[email protected]>
and subject line Bug#677496: fixed in libvirt 0.9.12-2
has caused the Debian Bug report #677496,
regarding CVE-2012-2693
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
677496: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677496
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libvirt
Severity: important
Tags: security
This is already fixed in experimental, but I'm not sure if 0.9.12 is targeted
at Wheezy, so I'm filing a bug.
There's a security issue in libvirt concerning USB handling, it was fixed by
the patches listed in this Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2693
The impact seems minor to me, so I don't think we need a DSA for Squeeze.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libvirt
Source-Version: 0.9.12-2
We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive:
libvirt-bin_0.9.12-2_i386.deb
to main/libv/libvirt/libvirt-bin_0.9.12-2_i386.deb
libvirt-dev_0.9.12-2_i386.deb
to main/libv/libvirt/libvirt-dev_0.9.12-2_i386.deb
libvirt-doc_0.9.12-2_all.deb
to main/libv/libvirt/libvirt-doc_0.9.12-2_all.deb
libvirt0-dbg_0.9.12-2_i386.deb
to main/libv/libvirt/libvirt0-dbg_0.9.12-2_i386.deb
libvirt0_0.9.12-2_i386.deb
to main/libv/libvirt/libvirt0_0.9.12-2_i386.deb
libvirt_0.9.12-2.debian.tar.gz
to main/libv/libvirt/libvirt_0.9.12-2.debian.tar.gz
libvirt_0.9.12-2.dsc
to main/libv/libvirt/libvirt_0.9.12-2.dsc
python-libvirt_0.9.12-2_i386.deb
to main/libv/libvirt/python-libvirt_0.9.12-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guido Günther <[email protected]> (supplier of updated libvirt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 14 Jun 2012 19:37:42 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.9.12-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Libvirt Maintainers
<[email protected]>
Changed-By: Guido Günther <[email protected]>
Description:
libvirt-bin - programs for the libvirt library
libvirt-dev - development files for the libvirt library
libvirt-doc - documentation for the libvirt library
libvirt0 - library for interfacing with different virtualization systems
libvirt0-dbg - library for interfacing with different virtualization systems
python-libvirt - libvirt Python bindings
Closes: 663931 676328 677496
Changes:
libvirt (0.9.12-2) unstable; urgency=medium
.
* Upload to unstable to fix CVE-2012-2693. Bumping urgency to medium.
(Closes: #677496)
* [9515e28] Only check for cluster fs if we're using a filesystem
(Closes: #676328)
* [202939f] Reduce udevadm settle timeout to 10 seconds
(Closes: #663931)
Checksums-Sha1:
00ba16d1a0f1c4b970d32e6ccccede91b2d815d6 2276 libvirt_0.9.12-2.dsc
48be314b559c31cd4763c21b784bf4e48eca17d3 35441 libvirt_0.9.12-2.debian.tar.gz
ef1b53f22f009a7d6f6a459e97a7f790db77efa6 2173380 libvirt-doc_0.9.12-2_all.deb
4f554b618f18cf33c271e2fc079174cc3da4f818 2333008 libvirt-bin_0.9.12-2_i386.deb
43980f513fc4f635ed5d9ea2af518b7db0692420 2121902 libvirt0_0.9.12-2_i386.deb
e7d8a2446def01d0eecc96ba013df9d04d63dbdc 7472256 libvirt0-dbg_0.9.12-2_i386.deb
380a2455ca818b883aea3dca694a66979c7a9b61 2502586 libvirt-dev_0.9.12-2_i386.deb
15d59fcd07b142b9d7790bbc289aeed541989812 1420246
python-libvirt_0.9.12-2_i386.deb
Checksums-Sha256:
b249482fc0444784a971f6effb735ac6686430ce0aab1aeeb140a893b12350ea 2276
libvirt_0.9.12-2.dsc
4b1ca4bde14cca16c1f7deeb3b37ed6cdc8f91d23c04b8c3310b4037eb792897 35441
libvirt_0.9.12-2.debian.tar.gz
f3548760ad7caad0d4bb22da0a3dfbf4ff20fda14f039d253f2ea407642ac6b6 2173380
libvirt-doc_0.9.12-2_all.deb
6f1a28a01605be3f8cae2521f0ac8cdf56340d3a88ca8bc517188013f45a3431 2333008
libvirt-bin_0.9.12-2_i386.deb
c3b90552d0ead56996640f2a05171eee5501113c7b883439d4cf0ee3128cae8b 2121902
libvirt0_0.9.12-2_i386.deb
a4e94902b478b297ae845edc906d6535bd54457cd41b3fdb19b4169e773e4099 7472256
libvirt0-dbg_0.9.12-2_i386.deb
89c1341462ef71e7dadf5dfe236b1d0a8b3281c7be20b2e1ae1bfa1d9d0bb5b1 2502586
libvirt-dev_0.9.12-2_i386.deb
ab5afb31dfcf57b6592bddaafee7d09ede37087255a6c5aea082e0348daaed63 1420246
python-libvirt_0.9.12-2_i386.deb
Files:
ad237415627145635281cc6209aee2d7 2276 libs optional libvirt_0.9.12-2.dsc
6225b697cf84c1620cf92e25ede7a3d1 35441 libs optional
libvirt_0.9.12-2.debian.tar.gz
748f1948a9f5f52801555ddbc11d7f85 2173380 doc optional
libvirt-doc_0.9.12-2_all.deb
8ad22d3b0858e598ad717946c8aa6e3e 2333008 admin optional
libvirt-bin_0.9.12-2_i386.deb
4cdac9cdd72e797284e2228fdbcce84c 2121902 libs optional
libvirt0_0.9.12-2_i386.deb
cf126b2cf0cd89a30c4b5d33f233281e 7472256 debug extra
libvirt0-dbg_0.9.12-2_i386.deb
19d15d7c53b556d8d92a6a2259085d85 2502586 libdevel optional
libvirt-dev_0.9.12-2_i386.deb
09c682c7311b3aa6604a1990808f55f2 1420246 python optional
python-libvirt_0.9.12-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFP2ijin88szT8+ZCYRAtiKAJ4p6CSZRW4pd0SLgZJGUYEQs/q/+wCbBhBT
SjRtq4LoKtZB/3mC2mZQTn8=
=YeVA
-----END PGP SIGNATURE-----
--- End Message ---
