> On Fri, Sep 20, 2013 at 06:48:04PM -0400, Cole Robinson wrote: > > libvirt 1.0.5.6 maintenance release is now available. This is > > libvirt 1.0.5 with additional bugfixes that have accumulated > > upstream since the initial release. > > > > The fix for this CVE is incomplete. There's a flaw in it affecting > the ACL code, which I've just posted a followup fix for > > https://www.redhat.com/archives/libvir-list/2013-September/msg01244.html > > So we'll need a 1.0.5.7 release with this. Huh? ACLs weren't added until 1.1.0, so I don't see how the typo added in ACL code can affect pre-ACL code. -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list