Re: [libvirt] CVE-2013-6458 Re: [PATCH 0/5] qemu: Fix job usage in several APIs

On 12/20/2013 02:36 PM, Jiri Denemark wrote: > When fixing https://bugzilla.redhat.com/show_bug.cgi?id=1043069 I > realized qemuDomainBlockStats is not the only API that does not acquire > a job early enough. Generally, every API that is going to begin a job > should do that before fetching data from vm->def. The following 5 APIs > failed to do so and moreover used the data fetched early from vm->def > after starting a job. In some circumstances this can lead to a crash. This series has been assigned CVE-2013-6458. I ran out of time today to review the rest of the series and start the backports; but hopefully we can get progress on it before 2014.