On 06/26/2014 07:56 AM, Peter Krempa wrote:
On 06/26/14 15:51, Eric Blake wrote:
From: Peter Krempa <pkrempa@redhat.com>
When creating a new disk mirror the new struct is stored in a separate variable until everything went well. The removed hunk would actually remove existing mirror information for example when the api would be run if a mirror still exists.
(cherry picked from commit 02b364e186d487f54ed410c01af042f23e812d42)
This fixes a regression introduced in commit ff5f30b.
Signed-off-by: Eric Blake <eblake@redhat.com>
Conflicts: src/qemu/qemu_driver.c - no refactoring of commit 7b7bf001 ---
As Peter's patch resolves a regression, I'd like to backport it to the maint branches; however, that means redoing the patch.
src/qemu/qemu_driver.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-)
ACK,
I'm awaiting word on whether this regression represents a CVE. Obviously, the fix is already public, so I'm not making the situation any worse by mentioning that this patch is under evaluation; but at the same time, I'm not going into the details of the scenario I found while while playing with this patch. Worse, the regression was introduced when plugging an earlier CVE last year - it's never fun when solving one CVE causes another, so all the more reason that I hope the libvirt-security list doesn't deem this as a vulnerability. At any rate, whether or not this gets a CVE designation, it was more than just v1.2.1-maint affected - everything back to v0.9.12-maint had the bug by virtue of CVE-2013-6458; I'm in the process of backporting this patch to ALL branches. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org