lp://qastaging/ubuntu/lucid-security/libvirt

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

94. By Jamie Strandboge on 2011-07-26

* SECURITY UPDATE: integer overflow in virDomainGetVcpus()
  - debian/patches/9909-CVE-2011-2511.patch: use INT_MULTIPLY_OVERFLOW() to
    verify maxinfo * maplen < REMOTE_CPUMAPS_MAX
  - CVE-2011-2511

93. By Jamie Strandboge on 2011-06-10

* SECURITY UPDATE:
  - 9030-CVE-2011-1486.patch: update daemon/dispatch.c and daemon/remote.c
    to call virDomainFree() after remoteDispatchConnError()
  - CVE-2011-1486

92. By Jamie Strandboge on 2011-03-15

* SECURITY UPDATE: debian/patches/9904-CVE-2011-1146.patch: Add missing
  checks for read only connections.
  - CVE-2011-1146

91. By Jamie Strandboge on 2010-10-23

debian/patches/9902-lp665531.patch: restore use of '<driver name='qemu'
type='host_device'/>' (LP: #665531)

90. By Jamie Strandboge on 2010-10-22

Renable the changes in 27.3, which were mistakenly dropped (LP: #665182)

[ Nigel Jones ]
* debian/patches/9024-free-memory-for-invalid-devices.patch: updated
  to match upstream patch which includes a fix for an entry path
  not found originally, LP: #571093
* debian/patches/9025-avoid-NULL-dereference-upon-disk-op-fail.patch:
  backport upstream patch to avoid failures when attempting to attach
  a disk or image twice. LP: #455832

89. By Jamie Strandboge on 2010-09-01

* SECURITY UPDATE: fix multiple issues with disk format for backing stores
  which could allow a privileged guest user to access arbitrary files on
  the host.
  - debian/patches/9900-CVE-2010-2237-2238-2239.patch:
    + update security drivers to honor the user defined disk format when
      looking up disk backing stores
    + update security drivers to honor the defined backing store disk format
      when recursing into disk image backing stores
    + explicitly set the user defined backing store format when creating a
      new image
  - migrate virtual machine definitions with non-raw disks and previously
    unspecified disk format with a one time probe on upgrades:
    + add debian/libvirt-migrate-qemu-disks
    + add debian/libvirt-migrate-qemu-disks.1
    + debian/libvirt-bin.postinst: updated to run
      'libvirt-migrate-qemu-disks -a' on upgrades
    + debian/rules: cp debian/libvirt-migrate-qemu-disks into place
    + debian/libvirt-bin.manpages: install libvirt-migrate-qemu-disks.1
    + debian/README.Debian: updated for libvirt-migrate-qemu-disks
  - CVE-2010-2237
  - CVE-2010-2238
  - CVE-2010-2239
* SECURITY UPDATE: fix to disallow privileged users in guests from accessing
  privileged resources, such as NFS
  - debian/patches/9901-CVE-2010-2242.patch: set iptables masqerading rules
    to use ports 1024-65535
  - CVE-2010-2242

88. By Dustin Kirkland  on 2010-04-21

* debian/libvirt-bin.postinst: ensure that the convenience feature
  of adding users to the libvirtd group does cause package setup
  failure, LP: #565380
* debian/patches/9023-virt-pki-validate_fixes.patch: fix a bashism,
  a missing autoconf substitution, and an insufficient sed call, in
  order to get this working on Ubuntu, LP: #562266; patch submitted
  upstream

87. By Jamie Strandboge on 2010-04-20

* debian/patches/9022-dont-leak-log-fd.path.patch: Fix FD leak in
  qemudStartVMDaemon (LP: #567392)
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: update paths for LVM
  volumes and searching /sys/bus/usb/devices/ (LP: #565691)

86. By Jamie Strandboge on 2010-04-16

debian/apparmor/usr.lib.libvirt.virt-aa-helper: update paths for
eucalyptus (LP: #564914)

85. By Jamie Strandboge on 2010-04-15

debian/apparmor/usr.lib.libvirt.virt-aa-helper: eek, the /dev change from
the last upload was a wee bit too aggressive. Revert that and allow access
to .img, .qcow{,2}, and .vmdk (file extensions that actually support
backingstore) and .[iI][sS][oO] since it is so common (LP: #517714)