On Wed, Jan 15, 2014 at 01:47:48PM -0700, Eric Blake wrote: > On 01/15/2014 01:43 PM, Eric Blake wrote: > > On 01/11/2014 07:27 AM, Guido Günther wrote: > >> Hi, > >> attached patches backport the fixes for CVE-2013-6458 to v0.9.12-maint. I > >> decided to cherry-pick the introduction of VIR_STRDUP and virReportError > >> as well to ease backporting of future fixes. I'd be happy about any review. > > > > Looks correct to me. I'll let you push to 0.9.12-maint since you > > already did that work; I already pushed to all the branches 0.10.2 and > > later. When porting to 0.10.2, I chose to just inline the call to > > strdup() instead of backporting VIR_STRDUP, for fewer patches but more > > conflict resolution; but either approach seems acceptable. > > Oh, and I also pushed the two patches for CVE-2014-1447 to all branches > back to 0.10.2. Since that also exists in 0.9.8, you'll want to include > those two patches in your push to 0.9.12. There's a conflict resolution > needed in the first of the two patches, if you want to borrow from > 0.10.2-maint. I've cherry-picked these too and will tag a 0.9.12.3 during the next days. Thanks a lot! -- Guido -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list