On Thu, Oct 23, 2025 at 11:27:23AM +0100, Richard W.M. Jones via Libguestfs wrote:
> We'll need to do a bit of coordination here:
> 
>  - We will need to backport the change to libnbd 1.22.  Because the
>    code changed substantially, the backport is effectively a new
>    patch.

Done.  In summary:

* libnbd 1.23 (development branch)

   - Fixed in libnbd 1.23.9

   - Tarball available here:
     https://download.libguestfs.org/libnbd/1.23-development/

   - Upstream fix:
     https://gitlab.com/nbdkit/libnbd/-/commit/fffd87a3ba216cf2f9c212e5db96b13b98985edf

* libnbd 1.22 (stable branch)

   - Fixed in libnbd 1.22.5

   - Tarball available here:
     https://download.libguestfs.org/libnbd/1.22-stable/

   - Upstream fix:
     https://gitlab.com/nbdkit/libnbd/-/commit/f461fe64d21fe8a6d32b56ccb50d06489d2e2698
     https://gitlab.com/nbdkit/libnbd/-/commit/00181d26a4d891e2d7acdd0a309fbf2af01eb55e

* older branches of libnbd

   - Not affected

>  - Fedora will need to be updated <= I will do this when it goes upstream

Done.

>  - Other Linux distro maintainers need to be notified <= I will do this now

Done.

>  - RHEL will have to be updated, but I believe we're waiting on the
>    decision of whether this is a CVE before we can do that.

Pending.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org