[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] ANNOUNCE: libvirt 1.0.5.6 maintenance release



> On Fri, Sep 20, 2013 at 06:48:04PM -0400, Cole Robinson wrote:
> > libvirt 1.0.5.6 maintenance release is now available. This is
> > libvirt 1.0.5 with additional bugfixes that have accumulated
> > upstream since the initial release.
> > 

> 
> The fix for this CVE is incomplete. There's a flaw in it affecting
> the ACL code, which I've just posted a followup fix for
> 
>   https://www.redhat.com/archives/libvir-list/2013-September/msg01244.html
> 
> So we'll need a 1.0.5.7 release with this.

Huh?  ACLs weren't added until 1.1.0, so I don't see how the typo added in
ACL code can affect pre-ACL code.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]