-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 14 Mar 2011 21:33:33 +0100 Source: libvirt Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt Architecture: source all i386 Version: 0.8.3-5+squeeze1 Distribution: stable-security Urgency: low Maintainer: Debian Libvirt Maintainers Changed-By: Guido Günther Description: libvirt-bin - the programs for the libvirt library libvirt-dev - development files for the libvirt library libvirt-doc - documentation for the libvirt library libvirt0 - library for interfacing with different virtualization systems libvirt0-dbg - library for interfacing with different virtualization systems python-libvirt - libvirt Python bindings Closes: 617773 Changes: libvirt (0.8.3-5+squeeze1) stable-security; urgency=low . * [0ee351f] [CVE-2011-1146] Add missing checks for read only connections. Some API forgot to check the read-only status of the connection for entry point which modify the state of the system or may lead to a remote execution using user data. The entry points concerned are: - virConnectDomainXMLToNative - virNodeDeviceDettach - virNodeDeviceReAttach - virNodeDeviceReset - virDomainRevertToSnapshot - virDomainSnapshotDelete src/libvirt.c: fix the above set of entry points to error on read-only (Closes: #617773) Checksums-Sha1: 5e9cdf77c59492365589e8f9fcaca5398e850acb 1910 libvirt_0.8.3-5+squeeze1.dsc 4dc92139031f2af3141c2b1d0813b57ecd735c5d 12430752 libvirt_0.8.3.orig.tar.gz 06055fe552e57c43515a03fc4a44a07deb0a57f1 30169 libvirt_0.8.3-5+squeeze1.debian.tar.gz 1c19211ced39c177468c4870f86e89f98375188b 1120026 libvirt-doc_0.8.3-5+squeeze1_all.deb 917f5e27ed1c39b6d72003dac8d5d60a87a1f9a4 1022162 libvirt-bin_0.8.3-5+squeeze1_i386.deb 26a3fd1605f5cc158ebfa1018ddaf1b70bf453f7 954860 libvirt0_0.8.3-5+squeeze1_i386.deb 241a8434e6858dcb2096a32d2e84cf1f06d100f4 3045724 libvirt0-dbg_0.8.3-5+squeeze1_i386.deb a5f262d2066dcddbce28b56b0d160f8f5a671bf8 1176458 libvirt-dev_0.8.3-5+squeeze1_i386.deb 82a41aee83feb2a5fca89abe1120a5e646b19f9b 440134 python-libvirt_0.8.3-5+squeeze1_i386.deb Checksums-Sha256: 27c3781098f5c6f45582a08321e94c7e5ba273a671b46aadaf58cfb319c4ba53 1910 libvirt_0.8.3-5+squeeze1.dsc 35e1836c3947ac3edd7b4a1948cf13f5f13dd3e5bb31933d627d771b1e997a1f 12430752 libvirt_0.8.3.orig.tar.gz f9fca6e0bf3f3434acb59562a1405953b93f1686f53893d9584dd182d31c4be2 30169 libvirt_0.8.3-5+squeeze1.debian.tar.gz 3058008b7735dc546750a7380dcc1ba7d9f96e244bc33fd194a2fd34d8fe417f 1120026 libvirt-doc_0.8.3-5+squeeze1_all.deb 478a98af610d2b3b12dccd49cfd73732836450eec14507b093faa67dee8452d0 1022162 libvirt-bin_0.8.3-5+squeeze1_i386.deb 1d05e07c8596ae9d0ad77412986468cd2bcf233b11c20086905c84011c938d5d 954860 libvirt0_0.8.3-5+squeeze1_i386.deb 6614a747c10050dc51baa093a3fd552afbd7521c9c7850b62dd99f9318c4cd2c 3045724 libvirt0-dbg_0.8.3-5+squeeze1_i386.deb 079b35103864c6b472be3c49a391ad74f50b622a263a354b3a965db47274b6de 1176458 libvirt-dev_0.8.3-5+squeeze1_i386.deb efb3e8d596ce7c9f97d7ab4c4248c5050be4261389ef3d64ebfe11a5f14ca19d 440134 python-libvirt_0.8.3-5+squeeze1_i386.deb Files: 91055f0638e8b59c0b6b064be034e26e 1910 libs optional libvirt_0.8.3-5+squeeze1.dsc ae8535ce119d32a2e9fb1f46e2c8f325 12430752 libs optional libvirt_0.8.3.orig.tar.gz 6ecc8db35e8634de348ed3f695553ce5 30169 libs optional libvirt_0.8.3-5+squeeze1.debian.tar.gz 9500e700dfb4cb17f0ac28956d841415 1120026 doc optional libvirt-doc_0.8.3-5+squeeze1_all.deb 620959491e8f6186a9998b547a4b9e71 1022162 admin optional libvirt-bin_0.8.3-5+squeeze1_i386.deb 3ae9e78cf2a8a8fa6a6f6ca8fd9b8d80 954860 libs optional libvirt0_0.8.3-5+squeeze1_i386.deb 0a5557c1c008f9c48b9b8b404ed0aaae 3045724 debug extra libvirt0-dbg_0.8.3-5+squeeze1_i386.deb e69d0b433cb79bc9cd0d18cb91afd60c 1176458 libdevel optional libvirt-dev_0.8.3-5+squeeze1_i386.deb c158c81c5074972f29992c6d5e9f1d5e 440134 python optional python-libvirt_0.8.3-5+squeeze1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFNgboXn88szT8+ZCYRAm0xAJ9Y8qS30/PePM3HmQyY9ktSJ4VEWgCffm+H ZM8FgUoXmzNFt8gioCgFl1s= =g0Gz -----END PGP SIGNATURE-----