Dear release team, please unblock libvirt 0.7.3-1. The version should have hit the archive before the freeze got delayed by a couple of days. The upload fixes:
CVE-2010-2242, CVE-2010-2237, CVE-2010-2238, CVE-2010-2239 On Wed, Aug 18, 2010 at 11:01:31AM +0100, Adam D. Barratt wrote: > Please could you send a new mail regarding the unblock request? That will > allow us to keep track of it from a freeze point of view rather than > having it inside a different thread. > From a very quick look at the diff, there's at least > libvirt-0.8.3/src/esx/esx_driver.c | 1192 +- > libvirt-0.8.3/src/esx/esx_vi.c | 911 + > libvirt-0.8.3/src/util/storage_file.c | 762 - > which would need more careful review. We don't have the ESX driver currently enabled in libvirt. The file backend hat quiet some changes to fix the security issues. That's why it's actually safer to pull in this version instead of backporting for 0.8.2 given that 0.8.3 is what we aimed for in Squeeze anyway. Cheers, -- Guido -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
