[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCHv3 3/3] network: use dnsmasq --bind-dynamic when available



On 11/28/2012 06:32 PM, Eric Blake wrote:
>> This bug resolves CVE-2012-3411, which is described in the following
>> bugzilla report:
>>
>>   https://bugzilla.redhat.com/show_bug.cgi?id=833033
>>
>> The following report is specifically for libvirt on Fedora:
>>
>>   https://bugzilla.redhat.com/show_bug.cgi?id=874702
>>
>> In short, a dnsmasq instance run with the intention of listening for
>> DHCP/DNS requests only on a libvirt virtual network (which is
>> constructed using a Linux host bridge) would also answer queries sent
>> from outside the virtualization host.
>>
> <snip>
>
> It's always nice to fully explain things in the commit message,
> as you have done here - not only does it make the reviewer's job
> easier today, but down the road, it will make it much easier to
> answer what the CVE was all about and who is impacted (or more
> specifically, that default installation is NOT impacted).  Thanks
> for taking the time to write it up.
>
> ACK.  And let's get this in, so distros can start backporting
> the CVE fix for the sake of those people who ARE impacted.
>

Thanks! I've pushed the entire series. I suppose I should now get to the
backports...


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]