16 May
2013
16 May
'13
4:06 p.m.
On 05/16/2013 08:03 AM, Ján Tomko wrote:
CVE-2013-1962
remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool. The pool also held a reference to the connection, preventing it from getting freed and closing the netcf interface driver, which held two sockets open. --- daemon/remote.c | 2 ++ 1 file changed, 2 insertions(+)
ACK. Embargo expired today; let's get this backported to v0.10.2-maint and beyond so we can cut new maintenance releases on the affected branch and make it easier for distros to ensure they have this CVE plugged. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org