> This bug resolves CVE-2012-3411, which is described in the following > bugzilla report: > > https://bugzilla.redhat.com/show_bug.cgi?id=833033 > > The following report is specifically for libvirt on Fedora: > > https://bugzilla.redhat.com/show_bug.cgi?id=874702 > > In short, a dnsmasq instance run with the intention of listening for > DHCP/DNS requests only on a libvirt virtual network (which is > constructed using a Linux host bridge) would also answer queries sent > from outside the virtualization host. > <snip> It's always nice to fully explain things in the commit message, as you have done here - not only does it make the reviewer's job easier today, but down the road, it will make it much easier to answer what the CVE was all about and who is impacted (or more specifically, that default installation is NOT impacted). Thanks for taking the time to write it up. ACK. And let's get this in, so distros can start backporting the CVE fix for the sake of those people who ARE impacted. -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list