On 06/26/2014 07:56 AM, Peter Krempa wrote: > On 06/26/14 15:51, Eric Blake wrote: >> From: Peter Krempa <pkrempa@xxxxxxxxxx> >> >> When creating a new disk mirror the new struct is stored in a separate >> variable until everything went well. The removed hunk would actually >> remove existing mirror information for example when the api would be run >> if a mirror still exists. >> >> (cherry picked from commit 02b364e186d487f54ed410c01af042f23e812d42) >> >> This fixes a regression introduced in commit ff5f30b. >> >> Signed-off-by: Eric Blake <eblake@xxxxxxxxxx> >> >> Conflicts: >> src/qemu/qemu_driver.c - no refactoring of commit 7b7bf001 >> --- >> >> As Peter's patch resolves a regression, I'd like to backport it to >> the maint branches; however, that means redoing the patch. >> >> src/qemu/qemu_driver.c | 18 +++++++++--------- >> 1 file changed, 9 insertions(+), 9 deletions(-) >> > > ACK, I'm awaiting word on whether this regression represents a CVE. Obviously, the fix is already public, so I'm not making the situation any worse by mentioning that this patch is under evaluation; but at the same time, I'm not going into the details of the scenario I found while while playing with this patch. Worse, the regression was introduced when plugging an earlier CVE last year - it's never fun when solving one CVE causes another, so all the more reason that I hope the libvirt-security list doesn't deem this as a vulnerability. At any rate, whether or not this gets a CVE designation, it was more than just v1.2.1-maint affected - everything back to v0.9.12-maint had the bug by virtue of CVE-2013-6458; I'm in the process of backporting this patch to ALL branches. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list