[libvirt] [sec-notice PATCH 3/2] notices: recent maintenance releases

Eric Blake eblake at redhat.com
Wed Jan 22 00:57:41 UTC 2014


Cleanups found while revisiting some of my recent backport efforts,
and documentation of recent releases.

* notices/2014/0001.xml: Typo fix, more details.
* notices/2014/0002.xml: Likewise.
* notices/2013/0017.xml: Maintenance releases.

Signed-off-by: Eric Blake <eblake at redhat.com>
---
 notices/2013/0017.xml |  3 +++
 notices/2014/0001.xml | 18 +++++++++++++++++-
 notices/2014/0002.xml | 10 +++++++---
 3 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/notices/2013/0017.xml b/notices/2013/0017.xml
index 67a9dc8..083b9fb 100644
--- a/notices/2013/0017.xml
+++ b/notices/2013/0017.xml
@@ -64,6 +64,7 @@ on higher privileged users.]]>
       <tag state="vulnerable">v1.1.4</tag>
       <tag state="vulnerable">v1.2.0</tag>
       <change state="vulnerable">cfed9ad4fb28e268e1467a0071c2fbc0c0873969</change>
+      <tag state="fixed">v1.2.1</tag>
       <change state="fixed">f8c1cb90213508c4f32549023b0572ed774e48aa</change>
     </branch>
     <branch>
@@ -77,6 +78,7 @@ on higher privileged users.]]>
       <tag state="vulnerable">v1.0.5.7</tag>
       <tag state="vulnerable">v1.0.5.8</tag>
       <change state="vulnerable">cfed9ad4fb28e268e1467a0071c2fbc0c0873969</change>
+      <tag state="fixed">v1.0.5.9</tag>
       <change state="fixed">218bd2e8716bcb4c90acf6ecaf879d606b46606b</change>
     </branch>
     <branch>
@@ -104,6 +106,7 @@ on higher privileged users.]]>
       <tag state="vulnerable">v1.1.3.1</tag>
       <tag state="vulnerable">v1.1.3.2</tag>
       <change state="vulnerable">cfed9ad4fb28e268e1467a0071c2fbc0c0873969</change>
+      <tag state="fixed">v1.1.3.3</tag>
       <change state="fixed">66247dc5fffe5b9447f4db377c5adf02e6db97c4</change>
     </branch>
     <branch>
diff --git a/notices/2014/0001.xml b/notices/2014/0001.xml
index 67657e3..dc93468 100644
--- a/notices/2014/0001.xml
+++ b/notices/2014/0001.xml
@@ -13,7 +13,7 @@ initialization.]]>
   </description>

   <impact>
-<![CDATA[A malicious unprivileged client can caus the libvirtd daemon
+<![CDATA[A malicious unprivileged client can cause the libvirtd daemon
 to crash leading to a denial of service]]>
   </impact>

@@ -92,9 +92,23 @@ file]]>
       <tag state="vulnerable">v0.9.12.1</tag>
       <tag state="vulnerable">v0.9.12.2</tag>
       <change state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change>
+      <tag state="fixed">v0.9.12.3</tag>
       <change state="fixed">c385db5994842466ad3afd3ec4414dc67e41f8d3</change>
     </branch>
     <branch>
+      <name>v0.10.2-maint</name>
+      <tag state="vulnerable">v0.10.2.1</tag>
+      <tag state="vulnerable">v0.10.2.2</tag>
+      <tag state="vulnerable">v0.10.2.3</tag>
+      <tag state="vulnerable">v0.10.2.4</tag>
+      <tag state="vulnerable">v0.10.2.5</tag>
+      <tag state="vulnerable">v0.10.2.6</tag>
+      <tag state="vulnerable">v0.10.2.7</tag>
+      <tag state="vulnerable">v0.10.2.8</tag>
+      <change state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change>
+      <change state="fixed">35ed9796981cf7b939f28b60ca828824a0488a3a</change>
+    </branch>
+    <branch>
       <name>v1.0.2-maint</name>
       <change state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change>
       <change state="fixed">7fad864afa2f7137f5ebfa7874c70d2a2ca5c6b1</change>
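Review bot: The new `v0.10.2-maint` branch entry lists vulnerable tags up to `v0.10.2.8` and a fixed change, but no `<tag state="fixed">`, whereas `v0.9.12-maint` in this same hunk gains `v0.9.12.3`. If no maintenance release carrying the fix has been tagged on that branch yet, a reader who tracks exposure by release tag cannot tell which version to upgrade to. I would record that next to the entry, for example `<!-- fix not yet in a tagged release on this branch -->`, or mention it in the commit message so the tag is added once the release exists. The `v1.0.2-maint` context lines show the same shape (changes only, no tags), so this may be intentional, but the notice does not say so.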
@@ -120,6 +134,7 @@ file]]>
       <tag state="vulnerable">v1.0.5.7</tag>
       <tag state="vulnerable">v1.0.5.8</tag>
       <change state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change>
+      <tag state="fixed">v1.0.5.9</tag>
       <change state="fixed">99f8d97aa7498ae06bfbefc0d4d71351d0831016</change>
     </branch>
     <branch>
@@ -147,6 +162,7 @@ file]]>
       <tag state="vulnerable">v1.1.3.1</tag>
       <tag state="vulnerable">v1.1.3.2</tag>
       <change state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change>
+      <tag state="fixed">v1.1.3.3</tag>
       <change state="fixed">8342adeffb260c564edd4d7279fcb8c3499a997f</change>
     </branch>
     <branch>
diff --git a/notices/2014/0002.xml b/notices/2014/0002.xml
index acafda9..aa286a0 100644
--- a/notices/2014/0002.xml
+++ b/notices/2014/0002.xml
@@ -6,13 +6,15 @@
   <description>
 <![CDATA[The asynchronous events were not filtered based on
 any permission check prior to being dispatched to the client.
-This could lead to the client learning about the existance
-of domains that they are not authorized to see]]>
+This could lead to the client learning about the existence
+of domains that they are not authorized to see.]]>
   </description>

   <impact>
 <![CDATA[A client can use events to learn of domains that
-they are not authorized to see.]]>
+they are not authorized to see.  Additionally, the client
+can use that object to attempt other actions on the domain,
+such as starting or stopping it.]]>
   </impact>

   <workaround>
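Review bot: In the expanded `<impact>` text, "that object" has no antecedent, because the preceding sentence mentions events and domains but never an object. The sentence also does not say whether the follow-on actions are still subject to their own permission checks. The word "attempt" suggests they are, but a reader assessing severity needs that stated explicitly. I would write something like `Additionally, the client can use the domain object delivered with the event to attempt other actions on the domain, such as starting or stopping it.` and add one clause saying whether those calls remain gated by the per-API access control checks.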
@@ -38,6 +40,7 @@ they are not authorized to see.]]>

   <reference>
     <advisory type="CVE" id="2014-0028"/>
+    <bug tracker="redhat" id="1047964"/>
   </reference>

   <product name="libvirt">
@@ -74,6 +77,7 @@ they are not authorized to see.]]>
       <tag state="vulnerable">v1.1.3.1</tag>
       <tag state="vulnerable">v1.1.3.2</tag>
       <change state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change>
+      <tag state="fixed">v1.1.3.3</tag>
       <change state="fixed">51afa9a255d7a073373ad4533eff58bd819890e8</change>
     </branch>
     <branch>
-- 
1.8.4.2



