[libvirt] [Libvirt-Security] [PATCH] qemu: bulk stats: typo in monitor handling
Eric Blake
eblake at redhat.com
Thu Dec 11 14:09:55 UTC 2014
On 12/11/2014 02:57 AM, Peter Krempa wrote:
> On 12/11/14 08:44, Francesco Romani wrote:
>> A typo in qemuConnectGetAllDomainStats makes the code
>> mark the monitor as available when qemuDomainObjBeginJob
>> fails, instead of when it succeeds, as the correct flow
>> requires.
>>
>> This patch fixes the check and updates the code documentation
>> accordingly.
>
> Wow, nice catch. The logic inversion was introduced by the CVE fix:
Fortunately, as there has been no release in between the initial CVE fix
and this followup patch, there is no need for an additional CVE. It
merely means that the CVE fix is a two-patch effort.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 539 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20141211/aa394e48/attachment-0001.sig>
More information about the libvir-list
mailing list