[libvirt] ANNOUNCE: libvirt 1.0.5.6 maintenance release

Daniel P. Berrange berrange at redhat.com
Mon Sep 23 12:25:14 UTC 2013


On Mon, Sep 23, 2013 at 08:09:50AM -0400, Eric Blake wrote:
> > On Fri, Sep 20, 2013 at 06:48:04PM -0400, Cole Robinson wrote:
> > > libvirt 1.0.5.6 maintenance release is now available. This is
> > > libvirt 1.0.5 with additional bugfixes that have accumulated
> > > upstream since the initial release.
> > > 
> 
> > 
> > The fix for this CVE is incomplete. There's a flaw in it affecting
> > the ACL code, which I've just posted a followup fix for
> > 
> >   https://www.redhat.com/archives/libvir-list/2013-September/msg01244.html
> > 
> > So we'll need a 1.0.5.7 release with this.
> 
> Huh?  ACLs weren't added until 1.1.0, so I don't see how the typo added in
> ACL code can affect pre-ACL code.

Oops, you're right. The identity infrastructure for ACLs existed, but was
dormant.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



