On 11/28/2012 06:32 PM, Eric Blake wrote: >> This bug resolves CVE-2012-3411, which is described in the following >> bugzilla report: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=833033 >> >> The following report is specifically for libvirt on Fedora: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=874702 >> >> In short, a dnsmasq instance run with the intention of listening for >> DHCP/DNS requests only on a libvirt virtual network (which is >> constructed using a Linux host bridge) would also answer queries sent >> from outside the virtualization host. >> > <snip> > > It's always nice to fully explain things in the commit message, > as you have done here - not only does it make the reviewer's job > easier today, but down the road, it will make it much easier to > answer what the CVE was all about and who is impacted (or more > specifically, that default installation is NOT impacted). Thanks > for taking the time to write it up. > > ACK. And let's get this in, so distros can start backporting > the CVE fix for the sake of those people who ARE impacted. > Thanks! I've pushed the entire series. I suppose I should now get to the backports... -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list