Re: [libvirt] [PATCH] CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats()
On 12/11/2014 03:40 AM, Martin Kletzander wrote:
> I can help with the security notices, as we have several other
CVEs that
> will also be plugged in time for 1.2.11.
>
That would be great. Just to complete this info, there's one
additional patch that's needed for this CVE fix to be complete:
commit cb104ef734dfea12cb8826dba7e2c98912c4b7e1
qemu: bulk stats: Fix logic in monitor handling
Let me know if I should back-port it with 'CVE-2014-8131' prefix or
just as it is.
It's best if backports match the subject line of the original, so don't
go changing the subject line on the backport.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 539 bytes)