[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Fix crash when multiple event callbacks were registered

On 07/10/2013 05:02 AM, Daniel P. Berrange wrote:
> On Wed, Jul 10, 2013 at 12:59:48PM +0200, Ján Tomko wrote:
>> CVE-2013-2230
> This should be in the subject line so it is more visible.

Oh well, it was pushed without the subject line change.  But I noticed
that DV had added a signed tag to our previous CVE (2013-2218, just
before 1.1.0), and that is also easily visible if you use 'tig', so I've
just finished creating lots of other signed tags for CVE fixes over the
last three years:

CVE-2011-1146   CVE-2012-3411   CVE-2013-0170   CVE-2013-2230
CVE-2011-1486   CVE-2012-3445   CVE-2013-1962
CVE-2011-2178   CVE-2012-4423   CVE-2013-2218

Since signed tags can be added after the fact, they are a nice way to
consistently mark bug fixes, regardless of whether the commit itself was
aware of a CVE number (for example, some of those tags are on commits
that were made public long before a CVE was assigned, because no one
realized the exploit until after the patch was pushed).

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]