
16 May 2013, 4:09 p.m.
On 05/16/2013 04:06 PM, Eric Blake wrote:
> On 05/16/2013 08:03 AM, Ján Tomko wrote:
>> CVE-2013-1962
>>
>> remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool.
>> The pool also held a reference to the connection, preventing it from getting freed and closing the netcf interface driver, which held two sockets open.
>> ---
>>  daemon/remote.c | 2 ++
>>  1 file changed, 2 insertions(+)
>
> ACK. Embargo expired today; let's get this backported to v0.10.2-maint and beyond so we can cut new maintenance releases on the affected branch and make it easier for distros to ensure they have this CVE plugged.
Thanks, I've pushed it to master and all the maint branches from v0.10.2.

Jan
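The leak described in the commit message, modelled as an added example that is not part of the original thread and is not libvirt code: a pool object that pins its connection keeps the connection's sockets open after the client disconnects unless the handler frees the pool. All struct and function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model, not libvirt code: all names here are hypothetical. */
struct conn { int refs; int open_sockets; };
struct pool { struct conn *conn; };

static struct conn *conn_open(void) {
    struct conn *c = malloc(sizeof(*c));
    if (!c) abort();
    c->refs = 1;
    c->open_sockets = 2;      /* stands in for the interface driver's two sockets */
    return c;
}

/* Drop one reference; returns the number of sockets still open afterwards. */
static int conn_unref(struct conn *c) {
    if (--c->refs > 0)
        return c->open_sockets;
    free(c);                  /* last reference: driver closes, sockets released */
    return 0;
}

static struct pool *pool_lookup(struct conn *c) {
    struct pool *p = malloc(sizeof(*p));
    if (!p) abort();
    p->conn = c;
    c->refs++;                /* the pool pins the connection */
    return p;
}

static void pool_free(struct pool *p) {
    conn_unref(p->conn);
    free(p);
}

/* One client session: open, look up a pool for a dispatch call, disconnect. */
static int session_leftover_sockets(int free_pool_in_cleanup) {
    struct conn *c = conn_open();
    struct pool *p = pool_lookup(c);
    if (free_pool_in_cleanup)
        pool_free(p);         /* the cleanup step the handler was missing */
    return conn_unref(c);     /* client disconnects */
}

int main(void) {
    printf("without free: %d sockets left\n", session_leftover_sockets(0));
    printf("with free:    %d sockets left\n", session_leftover_sockets(1));
    return 0;
}
```

Each session run without the cleanup step strands one connection and its two sockets, so repeated calls from a client accumulate open descriptors in the daemon.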