On Wed, Jan 22, 2014 at 12:13:48PM -0700, Eric Blake wrote: > On 01/15/2014 01:43 PM, Eric Blake wrote: > > > > > Is anyone still using v0.9.11-maint? The CVE extends back to 0.9.8, so > > we could argue that we should either fix the 0.9.11 branch, or add > > another commit to the branch that explicitly marks it as end-of-life > > because no one appears to be relying on it. Fedora 18 is now > > end-of-life, so from Fedora's perspective, I only care about 0.10.2 > > (RHEL and CentOS 6), 1.0.5 (F19), 1.1.3 (F20) and soon 1.2.1 (rawhide), > > although I didn't mind touching all the intermediate branches on my way > > down to 0.10.2. RHEL 5 is also vulnerable to CVE-2013-6458, but as we > > don't have an upstream v0.8.2-maint branch (thank goodness!), that's > > something for Red Hat to worry about. > > I've gone ahead and marked v0.8.3-maint and v0.9.11-maint as closed (I'm > not posting the actual patch here, but it was done by 'git rm -f \*' > followed by recreating .gitignore and a placeholder README that mentions > the death of the branch). FYI for openstack I examined the current libvirt versions in some major distros: https://wiki.openstack.org/wiki/LibvirtDistroSupportMatrix Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list