On 05/16/2013 04:06 PM, Eric Blake wrote: > On 05/16/2013 08:03 AM, Ján Tomko wrote: >> CVE-2013-1962 >> >> remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool. >> The pool also held a reference to the connection, preventing it from >> getting freed and closing the netcf interface driver, which held two >> sockets open. >> --- >> daemon/remote.c | 2 ++ >> 1 file changed, 2 insertions(+) > > ACK. Embargo expired today; let's get this backported to v0.10.2-maint > and beyond so we can cut new maintenance releases on the affected branch > and make it easier for distros to ensure they have this CVE plugged. > Thanks, I've pushed it to master and all the maint branches from v0.10.2. Jan -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list