On 09/23/2013 08:11 AM, Eric Blake wrote:
> On 09/23/2013 05:46 AM, Daniel P. Berrange wrote:
>> From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
>>
>> The fix for CVE-2013-4311 had a pre-requisite enhancement
>> to the identity code
>>
>> commit db7a5688c05f3fd60d9d2b74c72427eb9ee9c176
>> Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
>> Date: Thu Aug 22 16:00:01 2013 +0100
>>
>> Also store user & group ID values in virIdentity
>>
>> This had a typo which caused the group ID to overwrite the
>> user ID string. This meant any checks using this would have
>> the wrong ID value. This only affected the ACL code, not the
>> initial polkit auth. It also leaked memory.
>>
>> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
>> ---
>> src/rpc/virnetserverclient.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> ACK

I'm pushing this to master on your behalf, so I can backport it to
v1.1.2-maint, v1.1.1-maint, and v1.1.0-maint; to minimize the time where
those branches are broken. I'll let you push the other two when you are
ready (tests help, but missing a test doesn't hold up a maint branch).

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
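The kind of regression check the reply alludes to, as an added example that is not part of the thread and not libvirt code: it builds uid and gid strings and verifies that each attribute round-trips to the value it was built from. The one-line hunk is not shown on this page, so `struct ident`, `fmt_id`, `ident_fill_buggy`, `ident_fill_fixed` and `ident_roundtrips` are hypothetical names that only reproduce the effect the commit message describes.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an identity record; not libvirt's virIdentity. */
struct ident { char *uid_str; char *gid_str; };

static char *fmt_id(unsigned long id)
{
    char *s = malloc(32);
    if (s) snprintf(s, 32, "%lu", id);
    return s;
}

/* Assumed shape of the defect: the gid string is stored through the uid
 * variable, so the uid buffer is leaked and replaced by the gid value. */
static int ident_fill_buggy(struct ident *o, unsigned long uid, unsigned long gid)
{
    char *userid = NULL, *groupid = NULL;
    if (!(userid = fmt_id(uid))) return -1;
    if (!(userid = fmt_id(gid))) return -1;   /* typo: meant groupid */
    o->uid_str = userid;
    o->gid_str = groupid;                     /* never set, stays NULL */
    return 0;
}

static int ident_fill_fixed(struct ident *o, unsigned long uid, unsigned long gid)
{
    char *userid = fmt_id(uid), *groupid = fmt_id(gid);
    if (!userid || !groupid) { free(userid); free(groupid); return -1; }
    o->uid_str = userid;
    o->gid_str = groupid;
    return 0;
}

/* Returns 1 when both attributes hold the values they were built from. */
static int ident_roundtrips(int (*fill)(struct ident *, unsigned long, unsigned long))
{
    struct ident id = { NULL, NULL };
    /* Constructed values; they must differ or a uid/gid swap is invisible. */
    const unsigned long uid = 1000, gid = 107;
    if (fill(&id, uid, gid) < 0) return 0;
    int ok = id.uid_str && id.gid_str &&
             strtoul(id.uid_str, NULL, 10) == uid &&
             strtoul(id.gid_str, NULL, 10) == gid;
    free(id.uid_str);
    free(id.gid_str);
    return ok;
}

int main(void)
{
    printf("buggy: %d fixed: %d\n", ident_roundtrips(ident_fill_buggy),
           ident_roundtrips(ident_fill_fixed));
    return 0;
}
```

Running the buggy variant under a leak checker such as valgrind or AddressSanitizer also reports the lost uid buffer, which matches the memory leak the commit message mentions.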