Cleanups found while revisiting some of my recent backport efforts,
and documentation of recent releases.
* notices/2014/0001.xml: Typo fix, more details.
* notices/2014/0002.xml: Likewise.
* notices/2013/0017.xml: Maintenance releases.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
notices/2013/0017.xml | 3 +++
notices/2014/0001.xml | 18 +++++++++++++++++-
notices/2014/0002.xml | 10 +++++++---
3 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/notices/2013/0017.xml b/notices/2013/0017.xml
index 67a9dc8..083b9fb 100644
--- a/notices/2013/0017.xml
+++ b/notices/2013/0017.xml
@@ -64,6 +64,7 @@ on higher privileged users.]]>
<tag state="vulnerable">v1.1.4</tag>
<tag state="vulnerable">v1.2.0</tag>
<change
state="vulnerable">cfed9ad4fb28e268e1467a0071c2fbc0c0873969</change>
+ <tag state="fixed">v1.2.1</tag>
<change
state="fixed">f8c1cb90213508c4f32549023b0572ed774e48aa</change>
</branch>
<branch>
@@ -77,6 +78,7 @@ on higher privileged users.]]>
<tag state="vulnerable">v1.0.5.7</tag>
<tag state="vulnerable">v1.0.5.8</tag>
<change
state="vulnerable">cfed9ad4fb28e268e1467a0071c2fbc0c0873969</change>
+ <tag state="fixed">v1.0.5.9</tag>
<change
state="fixed">218bd2e8716bcb4c90acf6ecaf879d606b46606b</change>
</branch>
<branch>
@@ -104,6 +106,7 @@ on higher privileged users.]]>
<tag state="vulnerable">v1.1.3.1</tag>
<tag state="vulnerable">v1.1.3.2</tag>
<change
state="vulnerable">cfed9ad4fb28e268e1467a0071c2fbc0c0873969</change>
+ <tag state="fixed">v1.1.3.3</tag>
<change
state="fixed">66247dc5fffe5b9447f4db377c5adf02e6db97c4</change>
</branch>
<branch>
diff --git a/notices/2014/0001.xml b/notices/2014/0001.xml
index 67657e3..dc93468 100644
--- a/notices/2014/0001.xml
+++ b/notices/2014/0001.xml
@@ -13,7 +13,7 @@ initialization.]]>
</description>
<impact>
-<![CDATA[A malicious unprivileged client can caus the libvirtd daemon
+<![CDATA[A malicious unprivileged client can cause the libvirtd daemon
to crash leading to a denial of service]]>
</impact>
@@ -92,9 +92,23 @@ file]]>
<tag state="vulnerable">v0.9.12.1</tag>
<tag state="vulnerable">v0.9.12.2</tag>
<change
state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change>
+ <tag state="fixed">v0.9.12.3</tag>
<change
state="fixed">c385db5994842466ad3afd3ec4414dc67e41f8d3</change>
</branch>
<branch>
+ <name>v0.10.2-maint</name>
+ <tag state="vulnerable">v0.10.2.1</tag>
+ <tag state="vulnerable">v0.10.2.2</tag>
+ <tag state="vulnerable">v0.10.2.3</tag>
+ <tag state="vulnerable">v0.10.2.4</tag>
+ <tag state="vulnerable">v0.10.2.5</tag>
+ <tag state="vulnerable">v0.10.2.6</tag>
+ <tag state="vulnerable">v0.10.2.7</tag>
+ <tag state="vulnerable">v0.10.2.8</tag>
+ <change
state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change>
+ <change
state="fixed">35ed9796981cf7b939f28b60ca828824a0488a3a</change>
+ </branch>
+ <branch>
<name>v1.0.2-maint</name>
<change
state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change>
<change
state="fixed">7fad864afa2f7137f5ebfa7874c70d2a2ca5c6b1</change>
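Review bot: The new v0.10.2-maint `<branch>` records a fixed `<change>` but no `<tag state="fixed">`, while the other maintenance branches touched by this commit each gain one. A reader of the notice therefore cannot tell which v0.10.2.x release, if any, contains commit 35ed9796981cf7b939f28b60ca828824a0488a3a. If no release has been cut from that branch yet, this is presumably intentional, and the v1.0.2-maint entry in the context lines appears to have the same shape. It still deserves a follow-up line such as `<tag state="fixed">VERSION_PLACEHOLDER</tag>` once a release is tagged. Until then, consumers should read v0.10.2.1 through v0.10.2.8 as needing the backported change rather than a version upgrade.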
@@ -120,6 +134,7 @@ file]]>
<tag state="vulnerable">v1.0.5.7</tag>
<tag state="vulnerable">v1.0.5.8</tag>
<change
state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change>
+ <tag state="fixed">v1.0.5.9</tag>
<change
state="fixed">99f8d97aa7498ae06bfbefc0d4d71351d0831016</change>
</branch>
<branch>
@@ -147,6 +162,7 @@ file]]>
<tag state="vulnerable">v1.1.3.1</tag>
<tag state="vulnerable">v1.1.3.2</tag>
<change
state="vulnerable">f4324e32927580e3620f0de3a0ec80334936e263</change>
+ <tag state="fixed">v1.1.3.3</tag>
<change
state="fixed">8342adeffb260c564edd4d7279fcb8c3499a997f</change>
</branch>
<branch>
diff --git a/notices/2014/0002.xml b/notices/2014/0002.xml
index acafda9..aa286a0 100644
--- a/notices/2014/0002.xml
+++ b/notices/2014/0002.xml
@@ -6,13 +6,15 @@
<description>
<![CDATA[The asynchronous events were not filtered based on
any permission check prior to being dispatched to the client.
-This could lead to the client learning about the existance
-of domains that they are not authorized to see]]>
+This could lead to the client learning about the existence
+of domains that they are not authorized to see.]]>
</description>
<impact>
<![CDATA[A client can use events to learn of domains that
-they are not authorized to see.]]>
+they are not authorized to see. Additionally, the client
+can use that object to attempt other actions on the domain,
+such as starting or stopping it.]]>
</impact>
<workaround>
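Review bot: In the expanded `<impact>` text, "that object" has no antecedent, because the preceding sentence mentions only events and domains. The text also says the client can "attempt" other actions without saying whether those calls remain subject to their own permission checks, which a reader needs in order to judge severity. Assuming the object meant is the domain reference delivered with the event, something like `Additionally, the client can use the domain object received with the event to attempt other actions on the domain, such as starting or stopping it.` would read more clearly. A further sentence should state whether those follow-on actions are still access-controlled.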
@@ -38,6 +40,7 @@ they are not authorized to see.]]>
<reference>
<advisory type="CVE" id="2014-0028"/>
+ <bug tracker="redhat" id="1047964"/>
</reference>
<product name="libvirt">
@@ -74,6 +77,7 @@ they are not authorized to see.]]>
<tag state="vulnerable">v1.1.3.1</tag>
<tag state="vulnerable">v1.1.3.2</tag>
<change
state="vulnerable">ed3bac713c3cfc055ef551cbfe92a061084382c3</change>
+ <tag state="fixed">v1.1.3.3</tag>
<change
state="fixed">51afa9a255d7a073373ad4533eff58bd819890e8</change>
</branch>
<branch>
--
1.8.4.2