On Mon, Dec 23, 2013 at 23:09:12 -0700, Eric Blake wrote: > On 12/20/2013 02:36 PM, Jiri Denemark wrote: > > When fixing https://bugzilla.redhat.com/show_bug.cgi?id=1043069 I > > realized qemuDomainBlockStats is not the only API that does not acquire > > a job early enough. Generally, every API that is going to begin a job > > should do that before fetching data from vm->def. The following 5 APIs > > failed to do so and moreover used the data fetched early from vm->def > > after starting a job. In some circumstances this can lead to a crash. > > This series has been assigned CVE-2013-6458. I ran out of time today to > review the rest of the series and start the backports; but hopefully we > can get progress on it before 2014. The series is pushed now. Thanks for the review. Jirka -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list