[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [v0.9.12-maint 0/8] Backport changes for CVE-2013-6458 to v0.9.12-maint



On 01/15/2014 01:43 PM, Eric Blake wrote:
> On 01/11/2014 07:27 AM, Guido Günther wrote:
>> Hi,
>> attached patches backport the fixes for CVE-2013-6458 to v0.9.12-maint. I
>> decided to cherry-pick the introduction of VIR_STRDUP and virReportError
>> as well to ease backporting of future fixes. I'd be happy about any review.
> 
> Looks correct to me.  I'll let you push to 0.9.12-maint since you
> already did that work; I already pushed to all the branches 0.10.2 and
> later.  When porting to 0.10.2, I chose to just inline the call to
> strdup() instead of backporting VIR_STRDUP, for fewer patches but more
> conflict resolution; but either approach seems acceptable.

Oh, and I also pushed the two patches for CVE-2014-1447 to all branches
back to 0.10.2.  Since that also exists in 0.9.8, you'll want to include
those two patches in your push to 0.9.12.  There's a conflict resolution
needed in the first of the two patches, if you want to borrow from
0.10.2-maint.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]