[Pkg-libvirt-maintainers] Bug#633630: Bug#633630: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus

Salvatore Bonaccorso carnil at debian.org
Wed Jul 13 05:36:19 UTC 2011


Hi Guido

On Tue, Jul 12, 2011 at 11:24:26PM +0200, Guido Günther wrote:
> On Tue, Jul 12, 2011 at 12:29:14PM +0200, Salvatore Bonaccorso wrote:
> > Source: libvirt
> > Version: 0.9.2
> > Severity: important
> > Tags: security
> > 
> > Hi Guido
> > 
> > In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for
> > libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is
> > the patch applied by upstream. Can/should there be an update for
> > stable (if affected?).
> > 
> >  [1] http://www.securityfocus.com/bid/48478/info
> >  [2] https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
> >  [3] http://security-tracker.debian.org/CVE-2011-2511
> 
> Attached patch fixes the issue for stable. We should also fix #623222
> while at that. O.k. to upload a version to stable-security?

Wow, thanks for your fast work :-). Note, I have only reported the issue
via BTS, but I'm not in the security team. I'm Cc'ing this to the security
team list.

Regards
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-integer-overflow-in-VirDomainGetVcpus.patch
Type: text/x-diff
Size: 6485 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-libvirt-maintainers/attachments/20110713/67d15da3/attachment.patch>