[libvirt] [PATCH] CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats()
Eric Blake
eblake at redhat.com
Thu Dec 11 15:42:30 UTC 2014
On 12/11/2014 03:40 AM, Martin Kletzander wrote:
>> I can help with the security notices, as we have several other CVEs that
>> will also be plugged in time for 1.2.11.
>>
>
> That would be great. Just to complete this info, there's one
> additional patch that's needed for this CVE fix to be complete:
>
> commit cb104ef734dfea12cb8826dba7e2c98912c4b7e1
> qemu: bulk stats: Fix logic in monitor handling
>
> Let me know if I should back-port it with 'CVE-2014-8131' prefix or
> just as it is.
It's best if backports match the subject line of the original, so don't
go changing the subject line on the backport.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 539 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20141211/ed873834/attachment-0001.sig>
More information about the libvir-list
mailing list