Debian Bug report logs - #633630
CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus

version graph

Package: src:libvirt; Maintainer for src:libvirt is Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 12 Jul 2011 10:30:56 UTC

Severity: important

Tags: security

Found in versions libvirt/0.9.2, libvirt/0.9.2-1

Fixed in versions libvirt/0.8.3-5+squeeze2, libvirt/0.9.3-1, libvirt/0.4.6-10+lenny2, libvirt/0.9.2-7

Done: Guido Günther <agx@sigxcpu.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#633630; Package src:libvirt. (Tue, 12 Jul 2011 10:30:59 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Tue, 12 Jul 2011 10:31:29 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
Date: Tue, 12 Jul 2011 12:29:14 +0200
Source: libvirt
Version: 0.9.2
Severity: important
Tags: security

Hi Guido

In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for
libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is
the patch applied by upstream. Can/should there be an update to for
stable (if affected?).

 [1] http://www.securityfocus.com/bid/48478/info
 [2] https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
 [3] http://security-tracker.debian.org/CVE-2011-2511

Regards
Salvatore

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#633630; Package src:libvirt. (Tue, 12 Jul 2011 15:21:16 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Tue, 12 Jul 2011 15:21:16 GMT) Full text and rfc822 format available.

Message #10 received at 633630@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 633630@bugs.debian.org
Subject: Re: [Pkg-libvirt-maintainers] Bug#633630: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
Date: Tue, 12 Jul 2011 17:16:00 +0200
Hi Salvatore,
On Tue, Jul 12, 2011 at 12:29:14PM +0200, Salvatore Bonaccorso wrote:
> Source: libvirt
> Version: 0.9.2
> Severity: important
> Tags: security
> 
> Hi Guido
> 
> In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for
> libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is
> the patch applied by upstream. Can/should there be an update to for
> stable (if affected?).

Yes. Lenny, Squeeze, Wheezy and Sid look vulnerable. I've uploaded a
fixed version for sid though.
Cheers,
 -- Gudio

> 
>  [1] http://www.securityfocus.com/bid/48478/info
>  [2] https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
>  [3] http://security-tracker.debian.org/CVE-2011-2511
> 
> Regards
> Salvatore
> 
> -- System Information:
> Debian Release: wheezy/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> Shell: /bin/sh linked to /bin/dash
> 
> 
> 
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
> 




Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Tue, 12 Jul 2011 15:21:18 GMT) Full text and rfc822 format available.

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 12 Jul 2011 15:21:18 GMT) Full text and rfc822 format available.

Message #15 received at 633630-close@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: 633630-close@bugs.debian.org
Subject: Bug#633630: fixed in libvirt 0.9.2-7
Date: Tue, 12 Jul 2011 15:17:41 +0000
Source: libvirt
Source-Version: 0.9.2-7

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive:

libvirt-bin_0.9.2-7_i386.deb
  to main/libv/libvirt/libvirt-bin_0.9.2-7_i386.deb
libvirt-dev_0.9.2-7_i386.deb
  to main/libv/libvirt/libvirt-dev_0.9.2-7_i386.deb
libvirt-doc_0.9.2-7_all.deb
  to main/libv/libvirt/libvirt-doc_0.9.2-7_all.deb
libvirt0-dbg_0.9.2-7_i386.deb
  to main/libv/libvirt/libvirt0-dbg_0.9.2-7_i386.deb
libvirt0_0.9.2-7_i386.deb
  to main/libv/libvirt/libvirt0_0.9.2-7_i386.deb
libvirt_0.9.2-7.debian.tar.gz
  to main/libv/libvirt/libvirt_0.9.2-7.debian.tar.gz
libvirt_0.9.2-7.dsc
  to main/libv/libvirt/libvirt_0.9.2-7.dsc
python-libvirt_0.9.2-7_i386.deb
  to main/libv/libvirt/python-libvirt_0.9.2-7_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 633630@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 12 Jul 2011 15:07:39 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.9.2-7
Distribution: unstable
Urgency: low
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 libvirt-bin - the programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 633630
Changes: 
 libvirt (0.9.2-7) unstable; urgency=low
 .
   * [9c99f46] CVE-2011-2511: Fix integer overflow in VirDomainGetVcpus. Patch
     taken verbatim from upstream's git. (Closes: #633630)
Checksums-Sha1: 
 5701dc41b79e5e0848c3652a2a8dc4defc90468d 1915 libvirt_0.9.2-7.dsc
 c785632390b3d5fd1c407bafc43799f1800fe192 81748 libvirt_0.9.2-7.debian.tar.gz
 5cf6b88e97b8b2eac860f7179aac22303cca99c0 1577686 libvirt-doc_0.9.2-7_all.deb
 18e782e716bd3e05a834a28a4df01d6764937ff3 1508612 libvirt-bin_0.9.2-7_i386.deb
 15da586101d076b29dfcafbf57204ad6f9187737 1455902 libvirt0_0.9.2-7_i386.deb
 6ac3864377c7405a1e4376c4502f5cef357c6748 4185156 libvirt0-dbg_0.9.2-7_i386.deb
 8ee87ef6e1e07ee833ea7fdd7879ef6c19a44ee8 1745260 libvirt-dev_0.9.2-7_i386.deb
 986efd990475ee32613fbae05e0307d741cefe82 726704 python-libvirt_0.9.2-7_i386.deb
Checksums-Sha256: 
 582462add43fc87ed770a312f5a50fe341ba6f8412a4b44315e1fd3bfad18a6d 1915 libvirt_0.9.2-7.dsc
 9c156245909030bbb5b77ca431dd1a2ec7e234e8bf69fc1456389d5ccb07b8fa 81748 libvirt_0.9.2-7.debian.tar.gz
 f13c7b3290fa5240251173a4d50161cc2be37f982a54697fac1cce8a758a77de 1577686 libvirt-doc_0.9.2-7_all.deb
 259c42fd0cde51a7aab1e05f8ba66f6f585ab6484c5f4de6f083fd4493845b6f 1508612 libvirt-bin_0.9.2-7_i386.deb
 ce3616420034b89a59ed7c4d802ab5bb7c2ebaa5d2222754b1c719a0e561239c 1455902 libvirt0_0.9.2-7_i386.deb
 3edf2e8745d59529dad461039590831238e1e630bf36dc64320d0bcaafd23091 4185156 libvirt0-dbg_0.9.2-7_i386.deb
 2dc873c18416bf0f40b450eb2d97a2d8d442dfdb66fa54bf3b740e10d731663d 1745260 libvirt-dev_0.9.2-7_i386.deb
 bf8828c72c9dcfb3f9beca62ea0ee8343781e97324026418ee379034cc9aee31 726704 python-libvirt_0.9.2-7_i386.deb
Files: 
 7d1e9b0327abae8b45cbc94f4b20b944 1915 libs optional libvirt_0.9.2-7.dsc
 5429ac88bb793cebdd9fcae15af38a4f 81748 libs optional libvirt_0.9.2-7.debian.tar.gz
 576c54949cd4e3e3783ba408f27eb599 1577686 doc optional libvirt-doc_0.9.2-7_all.deb
 7c0aad0a8830f2ddbb453ccebac0ef30 1508612 admin optional libvirt-bin_0.9.2-7_i386.deb
 7d6abf58c8acd3b3598a93f5ef09f618 1455902 libs optional libvirt0_0.9.2-7_i386.deb
 4e760a4d2a02841c57c7c1c159c8c5f8 4185156 debug extra libvirt0-dbg_0.9.2-7_i386.deb
 2f0d30d0f894da250a964949d09088bc 1745260 libdevel optional libvirt-dev_0.9.2-7_i386.deb
 427f85f1b3a9b49f5d8e46201ef8ee24 726704 python optional python-libvirt_0.9.2-7_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOHGULn88szT8+ZCYRAvL3AJ9tsi+p+Fb7sE2vSdcvK6vVhUIo/wCfdsoL
w+/4KsDoIjwk2aJTGdPDEJU=
=faxP
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#633630; Package src:libvirt. (Tue, 12 Jul 2011 21:27:15 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Tue, 12 Jul 2011 21:27:15 GMT) Full text and rfc822 format available.

Message #20 received at 633630@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 633630@bugs.debian.org
Subject: Re: [Pkg-libvirt-maintainers] Bug#633630: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
Date: Tue, 12 Jul 2011 23:24:26 +0200
[Message part 1 (text/plain, inline)]
On Tue, Jul 12, 2011 at 12:29:14PM +0200, Salvatore Bonaccorso wrote:
> Source: libvirt
> Version: 0.9.2
> Severity: important
> Tags: security
> 
> Hi Guido
> 
> In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for
> libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is
> the patch applied by upstream. Can/should there be an update to for
> stable (if affected?).
> 
>  [1] http://www.securityfocus.com/bid/48478/info
>  [2] https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
>  [3] http://security-tracker.debian.org/CVE-2011-2511

Attached patch fixes the issue for stable. We should also fix #623222
while at that. O.k. to upload a version to stable-security?
Cheers,
 -- Guido

> 
> Regards
> Salvatore
> 
> -- System Information:
> Debian Release: wheezy/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> Shell: /bin/sh linked to /bin/dash
> 
> 
> 
> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers
> 
[0001-Fix-integer-overflow-in-VirDomainGetVcpus.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#633630; Package src:libvirt. (Wed, 13 Jul 2011 05:39:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Wed, 13 Jul 2011 05:39:03 GMT) Full text and rfc822 format available.

Message #25 received at 633630@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Guido Günther <agx@sigxcpu.org>
Cc: 633630@bugs.debian.org, team@security.debian.org
Subject: Re: [Pkg-libvirt-maintainers] Bug#633630: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
Date: Wed, 13 Jul 2011 07:36:19 +0200
[Message part 1 (text/plain, inline)]
Hi Guido

On Tue, Jul 12, 2011 at 11:24:26PM +0200, Guido Günther wrote:
> On Tue, Jul 12, 2011 at 12:29:14PM +0200, Salvatore Bonaccorso wrote:
> > Source: libvirt
> > Version: 0.9.2
> > Severity: important
> > Tags: security
> > 
> > Hi Guido
> > 
> > In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for
> > libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is
> > the patch applied by upstream. Can/should there be an update to for
> > stable (if affected?).
> > 
> >  [1] http://www.securityfocus.com/bid/48478/info
> >  [2] https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
> >  [3] http://security-tracker.debian.org/CVE-2011-2511
> 
> Attached patch fixes the issue for stable. We should also fix #623222
> while at that. O.k. to upload a version to stable-security?

Wow thanks for you fast work :-). Note, I have only reported the issue
via BTS, but I'm not in security team. I'm Cc'ing this to the security
team list.

Regards
Salvatore
[0001-Fix-integer-overflow-in-VirDomainGetVcpus.patch (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#633630; Package src:libvirt. (Wed, 13 Jul 2011 19:36:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Wed, 13 Jul 2011 19:36:05 GMT) Full text and rfc822 format available.

Message #30 received at 633630@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 633630@bugs.debian.org, team@security.debian.org
Subject: Re: [Pkg-libvirt-maintainers] Bug#633630: CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus
Date: Wed, 13 Jul 2011 21:33:06 +0200
[Message part 1 (text/plain, inline)]
On Wed, Jul 13, 2011 at 07:36:19AM +0200, Salvatore Bonaccorso wrote:
> Hi Guido
> 
> On Tue, Jul 12, 2011 at 11:24:26PM +0200, Guido Günther wrote:
> > On Tue, Jul 12, 2011 at 12:29:14PM +0200, Salvatore Bonaccorso wrote:
> > > Source: libvirt
> > > Version: 0.9.2
> > > Severity: important
> > > Tags: security
> > > 
> > > Hi Guido
> > > 
> > > In [1] (CVE-2011-2511) an integer overflow in VirDomainGetVcpus for
> > > libvirt is mentioned. This is fixed in new upstream 0.9.3. Here [2] is
> > > the patch applied by upstream. Can/should there be an update to for
> > > stable (if affected?).
> > > 
> > >  [1] http://www.securityfocus.com/bid/48478/info
> > >  [2] https://www.redhat.com/archives/libvir-list/2011-June/msg01278.html
> > >  [3] http://security-tracker.debian.org/CVE-2011-2511
> > 
> > Attached patch fixes the issue for stable. We should also fix #623222
> > while at that. O.k. to upload a version to stable-security?
> 
> Wow thanks for you fast work :-). Note, I have only reported the issue
> via BTS, but I'm not in security team. I'm Cc'ing this to the security
> team list.
Attached is the diff for the upload to stable-security. O.k. to upload?
This would address 

CVE-2011-1486: Make error reporting in libvirtd thread safe
CVE-2011-2511: Fix integer overflow in VirDomainGetVcpus

for squeeze.
Cheers,
 -- Guido
[0.8.3-5+squeeze2.diff (text/x-diff, attachment)]

Bug Marked as found in versions libvirt/0.9.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 19 Jul 2011 10:34:46 GMT) Full text and rfc822 format available.

Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Tue, 19 Jul 2011 20:03:12 GMT) Full text and rfc822 format available.

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 19 Jul 2011 20:03:13 GMT) Full text and rfc822 format available.

Message #37 received at 633630-close@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: 633630-close@bugs.debian.org
Subject: Bug#633630: fixed in libvirt 0.4.6-10+lenny2
Date: Tue, 19 Jul 2011 19:59:58 +0000
Source: libvirt
Source-Version: 0.4.6-10+lenny2

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive:

libvirt-bin_0.4.6-10+lenny2_i386.deb
  to main/libv/libvirt/libvirt-bin_0.4.6-10+lenny2_i386.deb
libvirt-dev_0.4.6-10+lenny2_i386.deb
  to main/libv/libvirt/libvirt-dev_0.4.6-10+lenny2_i386.deb
libvirt-doc_0.4.6-10+lenny2_all.deb
  to main/libv/libvirt/libvirt-doc_0.4.6-10+lenny2_all.deb
libvirt0-dbg_0.4.6-10+lenny2_i386.deb
  to main/libv/libvirt/libvirt0-dbg_0.4.6-10+lenny2_i386.deb
libvirt0_0.4.6-10+lenny2_i386.deb
  to main/libv/libvirt/libvirt0_0.4.6-10+lenny2_i386.deb
libvirt_0.4.6-10+lenny2.diff.gz
  to main/libv/libvirt/libvirt_0.4.6-10+lenny2.diff.gz
libvirt_0.4.6-10+lenny2.dsc
  to main/libv/libvirt/libvirt_0.4.6-10+lenny2.dsc
python-libvirt_0.4.6-10+lenny2_i386.deb
  to main/libv/libvirt/python-libvirt_0.4.6-10+lenny2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 633630@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 16 Jul 2011 21:21:24 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.4.6-10+lenny2
Distribution: oldstable-security
Urgency: low
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 libvirt-bin - the programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 633630
Changes: 
 libvirt (0.4.6-10+lenny2) oldstable-security; urgency=low
 .
   * [bb53af0] CVE-2011-2511: Fix integer overflow in VirDomainGetVcpus
     (Closes: #633630)
Checksums-Sha1: 
 35511c42eac104cdf63ba86597a223ec0d01ede6 1626 libvirt_0.4.6-10+lenny2.dsc
 dd6994e09789e19679cae4bdd65f2d7aea9cf8d0 5255397 libvirt_0.4.6.orig.tar.gz
 c3c402d2833ff11ef51d4cafeacb4c74eef5a314 23476 libvirt_0.4.6-10+lenny2.diff.gz
 57fd3138f072281d6aed9cddda1b00a7a54e4209 573262 libvirt-doc_0.4.6-10+lenny2_all.deb
 0e3749efdb31f57ffab11f175c744b2584e6de96 221340 libvirt-bin_0.4.6-10+lenny2_i386.deb
 ad472234675185ee27316d364b9999fac966a6bd 346778 libvirt0_0.4.6-10+lenny2_i386.deb
 b6b0c94cdbefb0282ee6cf2a55f0534f1cf2b929 658352 libvirt0-dbg_0.4.6-10+lenny2_i386.deb
 f428ef882e7b9ae9987c9878cf7fd067c4367367 407490 libvirt-dev_0.4.6-10+lenny2_i386.deb
 601bc7aa1c369cf030946fc57f78bf308b95b512 147694 python-libvirt_0.4.6-10+lenny2_i386.deb
Checksums-Sha256: 
 de092051e3178197c8f002f3f93a5df765499516ad7508b63dd1b8319f6ee044 1626 libvirt_0.4.6-10+lenny2.dsc
 70049e309632718af75cd11116063ade45eb2879eb9e7ac7c6106559d344a37a 5255397 libvirt_0.4.6.orig.tar.gz
 5ff833271688aac7bbd6a6e09e973ee3db3bb2c4bba9aaf315d334ec40923f09 23476 libvirt_0.4.6-10+lenny2.diff.gz
 291774f4ca656f27febf5805e657d7046a15173514a670e51e9edef3cc557a51 573262 libvirt-doc_0.4.6-10+lenny2_all.deb
 1da9c01b19fc75e3184a2defdfcf13f8045e5e4a2318af4c07914121b2e69ab7 221340 libvirt-bin_0.4.6-10+lenny2_i386.deb
 a3d57282024f485a9ded568f81ef72e811bba23aa4d9c1e327f324802b0ff085 346778 libvirt0_0.4.6-10+lenny2_i386.deb
 f6517a738662e9671f52426e4bbb08fc27a471bae09c09dce56c12719ae11805 658352 libvirt0-dbg_0.4.6-10+lenny2_i386.deb
 31350ddf64abedd6c88a7f28fb7398e8f9aadcecdabdd9041f5c35400b93aabf 407490 libvirt-dev_0.4.6-10+lenny2_i386.deb
 77eb528d51dbff4cc441a1b4f5b8854708bf72a11fa581cc7b399faf0c6f4b4f 147694 python-libvirt_0.4.6-10+lenny2_i386.deb
Files: 
 7e72c2b15bf2dbccfbfcb202b0e68426 1626 libs optional libvirt_0.4.6-10+lenny2.dsc
 abdf727deaffd868172f7243eb75ffe3 5255397 libs optional libvirt_0.4.6.orig.tar.gz
 52868f09ee851959e5892c82bf57d8ac 23476 libs optional libvirt_0.4.6-10+lenny2.diff.gz
 70f1899aab22fe1cb0a56a5b47051a31 573262 doc optional libvirt-doc_0.4.6-10+lenny2_all.deb
 af5b615d274b03736503a34826c39d04 221340 admin optional libvirt-bin_0.4.6-10+lenny2_i386.deb
 f1e0fe3d43d5c1823eab85752ea006b0 346778 libs optional libvirt0_0.4.6-10+lenny2_i386.deb
 6835e94691f9ecaeff85fa06fcfb803e 658352 libs extra libvirt0-dbg_0.4.6-10+lenny2_i386.deb
 48e234b5c3e173754144e9e87b8c2f16 407490 libdevel optional libvirt-dev_0.4.6-10+lenny2_i386.deb
 b73c8cd040e0cac21967d6345d31297a 147694 python optional python-libvirt_0.4.6-10+lenny2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOJBZwn88szT8+ZCYRAgq1AJ9TJn4xcyxNaNELqCpQi/iA4kCx9ACbBm59
csYzqIYzqC0LpHlS8ziMPGM=
=Fz3e
-----END PGP SIGNATURE-----





Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Tue, 19 Jul 2011 20:03:15 GMT) Full text and rfc822 format available.

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 19 Jul 2011 20:03:15 GMT) Full text and rfc822 format available.

Message #42 received at 633630-close@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: 633630-close@bugs.debian.org
Subject: Bug#633630: fixed in libvirt 0.8.3-5+squeeze2
Date: Tue, 19 Jul 2011 20:00:18 +0000
Source: libvirt
Source-Version: 0.8.3-5+squeeze2

We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive:

libvirt-bin_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/libvirt-bin_0.8.3-5+squeeze2_i386.deb
libvirt-dev_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/libvirt-dev_0.8.3-5+squeeze2_i386.deb
libvirt-doc_0.8.3-5+squeeze2_all.deb
  to main/libv/libvirt/libvirt-doc_0.8.3-5+squeeze2_all.deb
libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
libvirt0_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/libvirt0_0.8.3-5+squeeze2_i386.deb
libvirt_0.8.3-5+squeeze2.debian.tar.gz
  to main/libv/libvirt/libvirt_0.8.3-5+squeeze2.debian.tar.gz
libvirt_0.8.3-5+squeeze2.dsc
  to main/libv/libvirt/libvirt_0.8.3-5+squeeze2.dsc
python-libvirt_0.8.3-5+squeeze2_i386.deb
  to main/libv/libvirt/python-libvirt_0.8.3-5+squeeze2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 633630@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 13 Jul 2011 20:32:22 +0200
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.8.3-5+squeeze2
Distribution: stable-security
Urgency: low
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 libvirt-bin - the programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 623222 633630
Changes: 
 libvirt (0.8.3-5+squeeze2) stable-security; urgency=low
 .
   * [ac67c93] CVE-2011-1486: Make error reporting in libvirtd thread safe
     (Closes: #623222)
   * [eafb3d8] CVE-2011-2511: Fix integer overflow in VirDomainGetVcpus
     (Closes: #633630)
Checksums-Sha1: 
 612aec4fb52c4a37ebe29da5ed764ca46441dd6b 1910 libvirt_0.8.3-5+squeeze2.dsc
 5f66c739c7ccdb0570391d1068b0f4328e3c962c 36665 libvirt_0.8.3-5+squeeze2.debian.tar.gz
 09c2f167f3328e6250d4c0eb66f6e44bc903d68d 1120066 libvirt-doc_0.8.3-5+squeeze2_all.deb
 f63221e799ffdbf3ff3aa9f3b722d8bc428c08e1 1022934 libvirt-bin_0.8.3-5+squeeze2_i386.deb
 1dca52c4eb8791c8f9708d543035a8bcc522b381 955230 libvirt0_0.8.3-5+squeeze2_i386.deb
 63fd122e8a5f85b7be23c3a138988c43187cdb5b 3046518 libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
 859920380a64ae299e6be5fd4992050009efa259 1176804 libvirt-dev_0.8.3-5+squeeze2_i386.deb
 b9fee74eb56130f0edfdaf1981bab756d4e4c315 440234 python-libvirt_0.8.3-5+squeeze2_i386.deb
Checksums-Sha256: 
 1dd3353f681f461715f070e9aeb76a123d96d5db3c8cd288345c910bb139f292 1910 libvirt_0.8.3-5+squeeze2.dsc
 0017f45875038570c7c5dade0f6f65150c86649eeaad0643331ea433f3fadc38 36665 libvirt_0.8.3-5+squeeze2.debian.tar.gz
 1f65fc9bb93af4505144f311a0607681a22d8cba5ef9121749889d162a947736 1120066 libvirt-doc_0.8.3-5+squeeze2_all.deb
 9e4c43002eba19ec694e2cb35f684f63ce76083e4016e2881bc2140f44cf0976 1022934 libvirt-bin_0.8.3-5+squeeze2_i386.deb
 67dd72a45528461a97f15015fa8472560d80b3c7a5cc1710ae22f86920a345d6 955230 libvirt0_0.8.3-5+squeeze2_i386.deb
 4b596b3bf584e29818a528df9cab788beaec273247eea53f10101e6c34f1f6d6 3046518 libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
 cedfe972c987c659e73d5a25a0da1a412c333d7347bbaf0a82b281f04e12de4f 1176804 libvirt-dev_0.8.3-5+squeeze2_i386.deb
 e6512eda17b4e7f418f707d6e2d9825992af3af9a1d09dde7e72840467bd91a2 440234 python-libvirt_0.8.3-5+squeeze2_i386.deb
Files: 
 6ed4c950f68e03ea10e2631a8c406b40 1910 libs optional libvirt_0.8.3-5+squeeze2.dsc
 d3983d7de34e8a42692118db83b6bd79 36665 libs optional libvirt_0.8.3-5+squeeze2.debian.tar.gz
 3f4ae27e7a6e605a5d7bf85118ef326d 1120066 doc optional libvirt-doc_0.8.3-5+squeeze2_all.deb
 ea046ebf07198a6ff7b197c387e64092 1022934 admin optional libvirt-bin_0.8.3-5+squeeze2_i386.deb
 134d3387a30d9acbc01bf0852bfff67a 955230 libs optional libvirt0_0.8.3-5+squeeze2_i386.deb
 4872315a9e1dcb7b9ba2c2aedce0d8f8 3046518 debug extra libvirt0-dbg_0.8.3-5+squeeze2_i386.deb
 5aafaca4b04abd96d61e1a56dcbe11c5 1176804 libdevel optional libvirt-dev_0.8.3-5+squeeze2_i386.deb
 efca68131ea54e55cfbf22145cda09a6 440234 python optional python-libvirt_0.8.3-5+squeeze2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOId+Un88szT8+ZCYRAsy0AJ9oZIY0Yr8hFTViF4QXWtHywOyDsACdFMLg
OgqSRdNhPjLqO9zNULMfOyA=
=SjLM
-----END PGP SIGNATURE-----





Bug Marked as fixed in versions libvirt/0.9.3-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 20 Jul 2011 06:21:05 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 01 Oct 2011 07:35:14 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 23:15:55 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.