12:27 p.m.
This provides the security notices we've had so far in 2018 and a
script to make future ones easier to create.
Daniel P. Berrangé (4):
LSN-2018-0001 / CVE-2017-5715 - Spectre variant 2 branch target
injection
LSN-2018-0002 / CVE-2018-5748 - QEMU monitor denial of service
LSN-2018-0003 / CVE-2018-6764 - Insecure usage of NSS modules during
container startup
Add a script for generating a list of vulnerable tags & branches
notices/2018/0001.xml | 276 ++++++++++++++++++++++++++++++++++++++
notices/2018/0002.xml | 274 +++++++++++++++++++++++++++++++++++++
notices/2018/0003.xml | 269 +++++++++++++++++++++++++++++++++++++
scripts/report-vulnerable-tags.pl | 108 +++++++++++++++
4 files changed, 927 insertions(+)
create mode 100644 notices/2018/0001.xml
create mode 100644 notices/2018/0002.xml
create mode 100644 notices/2018/0003.xml
create mode 100644 scripts/report-vulnerable-tags.pl
--
2.14.3
12:27 p.m.
New subject: [libvirt] [PATCH security-notice 1/4] LSN-2018-0001 / CVE-2017-5715 - Spectre variant 2 branch target injection
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
notices/2018/0001.xml | 276 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 276 insertions(+)
create mode 100644 notices/2018/0001.xml
diff --git a/notices/2018/0001.xml b/notices/2018/0001.xml
new file mode 100644
index 0000000..9acb303
--- /dev/null
+++ b/notices/2018/0001.xml
@@ -0,0 +1,276 @@
+<security-notice
xmlns="http://security.libvirt.org/xmlns/security-notice/1.0">
+ <id>2018-0001</id>
+
+ <summary>Spectre variant 2 branch target injection</summary>
+
+ <description>
+ <![CDATA[This is not a vulnerability in libvirt, rather it is
+ a set of changes in libvirt to enable mitigation of
+ the Spectre hardware flaws by providing extra CPU
+ models with the "spec-ctrl" feature . Refer to
https://spectreattack.com/
+ for further backend information.]]>
+ </description>
+
+ <credits>
+ <reporter>
+ <name>Paolo Bonzini</name>
+ <email>pbonzini(a)redhat.com</email>
+ </reporter>
+ <patcher>
+ <name>Paolo Bonzini</name>
+ <email>pbonzini(a)redhat.com</email>
+ </patcher>
+ <patcher>
+ <name>Jiri Denemark</name>
+ <email>jdenemar(a)redhat.com</email>
+ </patcher>
+ </credits>
+
+ <lifecycle>
+ <reported>20171212</reported>
+ <published>20180105</published>
+ <fixed>20180118</fixed>
+ </lifecycle>
+
+ <reference>
+ <advisory type="CVE" id="2017-5715"/>
+ </reference>
+
+ <product name="libvirt">
+ <repository>libvirt.git</repository>
+ <branch>
+ <name>master</name>
+ <tag state="vulnerable">v0.2.0</tag>
+ <tag state="vulnerable">v0.2.1</tag>
+ <tag state="vulnerable">v0.2.2</tag>
+ <tag state="vulnerable">v0.2.3</tag>
+ <tag state="vulnerable">v0.3.0</tag>
+ <tag state="vulnerable">v0.3.1</tag>
+ <tag state="vulnerable">v0.3.2</tag>
+ <tag state="vulnerable">v0.3.3</tag>
+ <tag state="vulnerable">v0.4.1</tag>
+ <tag state="vulnerable">v0.4.2</tag>
+ <tag state="vulnerable">v0.4.4</tag>
+ <tag state="vulnerable">v0.4.6</tag>
+ <tag state="vulnerable">v0.5.0</tag>
+ <tag state="vulnerable">v0.5.1</tag>
+ <tag state="vulnerable">v0.6.0</tag>
+ <tag state="vulnerable">v0.6.1</tag>
+ <tag state="vulnerable">v0.6.2</tag>
+ <tag state="vulnerable">v0.6.3</tag>
+ <tag state="vulnerable">v0.6.4</tag>
+ <tag state="vulnerable">v0.6.5</tag>
+ <tag state="vulnerable">v0.7.0</tag>
+ <tag state="vulnerable">v0.7.1</tag>
+ <tag state="vulnerable">v0.7.2</tag>
+ <tag state="vulnerable">v0.7.3</tag>
+ <tag state="vulnerable">v0.7.4</tag>
+ <tag state="vulnerable">v0.7.5</tag>
+ <tag state="vulnerable">v0.7.6</tag>
+ <tag state="vulnerable">v0.7.7</tag>
+ <tag state="vulnerable">v0.8.0</tag>
+ <tag state="vulnerable">v0.8.1</tag>
+ <tag state="vulnerable">v0.8.2</tag>
+ <tag state="vulnerable">v0.8.3</tag>
+ <tag state="vulnerable">v0.8.4</tag>
+ <tag state="vulnerable">v0.8.5</tag>
+ <tag state="vulnerable">v0.8.6</tag>
+ <tag state="vulnerable">v0.8.7</tag>
+ <tag state="vulnerable">v0.8.8</tag>
+ <tag state="vulnerable">v0.9.0</tag>
+ <tag state="vulnerable">v0.9.1</tag>
+ <tag state="vulnerable">v0.9.2</tag>
+ <tag state="vulnerable">v0.9.3</tag>
+ <tag state="vulnerable">v0.9.4</tag>
+ <tag state="vulnerable">v0.9.5</tag>
+ <tag state="vulnerable">v0.9.6</tag>
+ <tag state="vulnerable">v0.9.7</tag>
+ <tag state="vulnerable">v0.9.8</tag>
+ <tag state="vulnerable">v0.9.9</tag>
+ <tag state="vulnerable">v0.9.10</tag>
+ <tag state="vulnerable">v0.9.11</tag>
+ <tag state="vulnerable">v0.9.12</tag>
+ <tag state="vulnerable">v0.9.13</tag>
+ <tag state="vulnerable">v0.10.0</tag>
+ <tag state="vulnerable">v0.10.1</tag>
+ <tag state="vulnerable">v0.10.2</tag>
+ <tag state="vulnerable">v1.0.0</tag>
+ <tag state="vulnerable">v1.0.1</tag>
+ <tag state="vulnerable">v1.0.2</tag>
+ <tag state="vulnerable">v1.0.3</tag>
+ <tag state="vulnerable">v1.0.4</tag>
+ <tag state="vulnerable">v1.0.5</tag>
+ <tag state="vulnerable">v1.0.6</tag>
+ <tag state="vulnerable">v1.1.0</tag>
+ <tag state="vulnerable">v1.1.1</tag>
+ <tag state="vulnerable">v1.1.2</tag>
+ <tag state="vulnerable">v1.1.3</tag>
+ <tag state="vulnerable">v1.1.4</tag>
+ <tag state="vulnerable">v1.2.0</tag>
+ <tag state="vulnerable">v1.2.1</tag>
+ <tag state="vulnerable">v1.2.2</tag>
+ <tag state="vulnerable">v1.2.3</tag>
+ <tag state="vulnerable">v1.2.4</tag>
+ <tag state="vulnerable">v1.2.5</tag>
+ <tag state="vulnerable">v1.2.6</tag>
+ <tag state="vulnerable">v1.2.7</tag>
+ <tag state="vulnerable">v1.2.8</tag>
+ <tag state="vulnerable">v1.2.9</tag>
+ <tag state="vulnerable">v1.2.10</tag>
+ <tag state="vulnerable">v1.2.11</tag>
+ <tag state="vulnerable">v1.2.12</tag>
+ <tag state="vulnerable">v1.2.13</tag>
+ <tag state="vulnerable">v1.2.14</tag>
+ <tag state="vulnerable">v1.2.15</tag>
+ <tag state="vulnerable">v1.2.16</tag>
+ <tag state="vulnerable">v1.2.17</tag>
+ <tag state="vulnerable">v1.2.18</tag>
+ <tag state="vulnerable">v1.2.19</tag>
+ <tag state="vulnerable">v1.2.20</tag>
+ <tag state="vulnerable">v1.2.21</tag>
+ <tag state="vulnerable">v1.3.0</tag>
+ <tag state="vulnerable">v1.3.1</tag>
+ <tag state="vulnerable">v1.3.2</tag>
+ <tag state="vulnerable">v1.3.3</tag>
+ <tag state="vulnerable">v1.3.4</tag>
+ <tag state="vulnerable">v1.3.5</tag>
+ <tag state="vulnerable">v2.0.0</tag>
+ <tag state="vulnerable">v2.1.0</tag>
+ <tag state="vulnerable">v2.2.0</tag>
+ <tag state="vulnerable">v2.3.0</tag>
+ <tag state="vulnerable">v2.4.0</tag>
+ <tag state="vulnerable">v2.5.0</tag>
+ <tag state="vulnerable">v3.0.0</tag>
+ <tag state="vulnerable">v3.1.0</tag>
+ <tag state="vulnerable">v3.2.0</tag>
+ <tag state="vulnerable">v3.3.0</tag>
+ <tag state="vulnerable">v3.4.0</tag>
+ <tag state="vulnerable">v3.5.0</tag>
+ <tag state="vulnerable">v3.6.0</tag>
+ <tag state="vulnerable">v3.7.0</tag>
+ <tag state="vulnerable">v3.8.0</tag>
+ <tag state="vulnerable">v3.9.0</tag>
+ <tag state="vulnerable">v3.10.0</tag>
+ <tag state="vulnerable">v4.0.0</tag>
+ <tag state="fixed">v4.1.0</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ <change
state="fixed">24d504396c3c05eff87d29173a224e2faaeb2637</change>
+ <change
state="fixed">b2042020c32b74069fa5365b5e966537aaba8cf6</change>
+ <change
state="fixed">7bb4ce9761dfbd1620ddffb26fbd6f0ff1fedf3f</change>
+ <change
state="fixed">49bffcb3cc1850d332b9648c686a7be18de9e708</change>
+ <change
state="fixed">7f83eefa9e6940c83579d31941efd07fab1b90c8</change>
+ <change
state="fixed">7dd85ff62d7080b52d4d175f53ad5eb11cdcfb9c</change>
+ <change
state="fixed">203c92e9cc2db854199b39ef3ffcc10406d3c59e</change>
+ <change
state="fixed">30b381cfdd5e92e5afa6de09f0fe533353e71d07</change>
+ <change
state="fixed">2e3b220a874e558e54678afd7cf49466fe605e09</change>
+ <change
state="fixed">6b7e7d1cc24a28a9f5ece8626f807189647d14b4</change>
+ <change
state="fixed">6d4a3cd42781babed7d29b061e220ebff24dd43e</change>
+ </branch>
+ <branch>
+ <name>v0.9.6-maint</name>
+ <tag state="vulnerable">v0.9.6.1</tag>
+ <tag state="vulnerable">v0.9.6.2</tag>
+ <tag state="vulnerable">v0.9.6.3</tag>
+ <tag state="vulnerable">v0.9.6.4</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v0.9.11-maint</name>
+ <tag state="vulnerable">v0.9.11.1</tag>
+ <tag state="vulnerable">v0.9.11.2</tag>
+ <tag state="vulnerable">v0.9.11.3</tag>
+ <tag state="vulnerable">v0.9.11.4</tag>
+ <tag state="vulnerable">v0.9.11.5</tag>
+ <tag state="vulnerable">v0.9.11.6</tag>
+ <tag state="vulnerable">v0.9.11.7</tag>
+ <tag state="vulnerable">v0.9.11.8</tag>
+ <tag state="vulnerable">v0.9.11.9</tag>
+ <tag state="vulnerable">v0.9.11.10</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v0.9.12-maint</name>
+ <tag state="vulnerable">v0.9.12.1</tag>
+ <tag state="vulnerable">v0.9.12.2</tag>
+ <tag state="vulnerable">v0.9.12.3</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v0.10.2-maint</name>
+ <tag state="vulnerable">v0.10.2.1</tag>
+ <tag state="vulnerable">v0.10.2.2</tag>
+ <tag state="vulnerable">v0.10.2.3</tag>
+ <tag state="vulnerable">v0.10.2.4</tag>
+ <tag state="vulnerable">v0.10.2.5</tag>
+ <tag state="vulnerable">v0.10.2.6</tag>
+ <tag state="vulnerable">v0.10.2.7</tag>
+ <tag state="vulnerable">v0.10.2.8</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.0.5-maint</name>
+ <tag state="vulnerable">v1.0.5.1</tag>
+ <tag state="vulnerable">v1.0.5.2</tag>
+ <tag state="vulnerable">v1.0.5.3</tag>
+ <tag state="vulnerable">v1.0.5.4</tag>
+ <tag state="vulnerable">v1.0.5.5</tag>
+ <tag state="vulnerable">v1.0.5.6</tag>
+ <tag state="vulnerable">v1.0.5.7</tag>
+ <tag state="vulnerable">v1.0.5.8</tag>
+ <tag state="vulnerable">v1.0.5.9</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.1.3-maint</name>
+ <tag state="vulnerable">v1.1.3.1</tag>
+ <tag state="vulnerable">v1.1.3.2</tag>
+ <tag state="vulnerable">v1.1.3.3</tag>
+ <tag state="vulnerable">v1.1.3.4</tag>
+ <tag state="vulnerable">v1.1.3.5</tag>
+ <tag state="vulnerable">v1.1.3.6</tag>
+ <tag state="vulnerable">v1.1.3.7</tag>
+ <tag state="vulnerable">v1.1.3.8</tag>
+ <tag state="vulnerable">v1.1.3.9</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.2.9-maint</name>
+ <tag state="vulnerable">v1.2.9.1</tag>
+ <tag state="vulnerable">v1.2.9.2</tag>
+ <tag state="vulnerable">v1.2.9.3</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.2.13-maint</name>
+ <tag state="vulnerable">v1.2.13.1</tag>
+ <tag state="vulnerable">v1.2.13.2</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.2.18-maint</name>
+ <tag state="vulnerable">v1.2.18.1</tag>
+ <tag state="vulnerable">v1.2.18.2</tag>
+ <tag state="vulnerable">v1.2.18.3</tag>
+ <tag state="vulnerable">v1.2.18.4</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.3.3-maint</name>
+ <tag state="vulnerable">v1.3.3.1</tag>
+ <tag state="vulnerable">v1.3.3.2</tag>
+ <tag state="vulnerable">v1.3.3.3</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v2.2-maint</name>
+ <tag state="vulnerable">v2.2.1</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v3.2-maint</name>
+ <tag state="vulnerable">v3.2.1</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ </product>
+
+</security-notice>
--
2.14.3
12:27 p.m.
New subject: [libvirt] [PATCH security-notice 2/4] LSN-2018-0002 / CVE-2018-5748 - QEMU monitor denial of service
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
notices/2018/0002.xml | 274 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 274 insertions(+)
create mode 100644 notices/2018/0002.xml
diff --git a/notices/2018/0002.xml b/notices/2018/0002.xml
new file mode 100644
index 0000000..8b8e069
--- /dev/null
+++ b/notices/2018/0002.xml
@@ -0,0 +1,274 @@
+<security-notice
xmlns="http://security.libvirt.org/xmlns/security-notice/1.0">
+ <id>2018-0002</id>
+
+ <summary>QEMU monitor denial of service</summary>
+
+ <description>
+ <![CDATA[The libvirt code that reads data from the QEMU monitor will read
+ data until encountering a newline, buffering all data in memory
+ with no upper limit applied.]]>
+ </description>
+
+ <impact>
+ <![CDATA[A malicious QEMU process can cause the libvirtd daemon to consume
+ an arbitrary amount of memory by sending lots of data without any newline
+ characters.]]>
+ </impact>
+
+ <workaround>
+ <![CDATA[There is no practical workaround to prevent this happening, though to
+ exploit it a user would have to first break out of the guest into QEMU]]>
+ </workaround>
+
+ <credits>
+ <reporter>
+ <name>Peter Krempa</name>
+ <email>pkrempa(a)redhat.com</email>
+ </reporter>
+ <reporter>
+ <name>Daniel P. Berrangé</name>
+ <email>berrange(a)redhat.com</email>
+ </reporter>
+ <patcher>
+ <name>Daniel P. Berrangé</name>
+ <email>berrange(a)redhat.com</email>
+ </patcher>
+ </credits>
+
+ <lifecycle>
+ <reported>20171221</reported>
+ <published>20171221</published>
+ <fixed>20180118</fixed>
+ </lifecycle>
+
+ <reference>
+ <advisory type="CVE" id="2018-5748"/>
+ </reference>
+
+ <product name="libvirt">
+ <repository>libvirt.git</repository>
+ <branch>
+ <name>master</name>
+ <tag state="vulnerable">v0.2.0</tag>
+ <tag state="vulnerable">v0.2.1</tag>
+ <tag state="vulnerable">v0.2.2</tag>
+ <tag state="vulnerable">v0.2.3</tag>
+ <tag state="vulnerable">v0.3.0</tag>
+ <tag state="vulnerable">v0.3.1</tag>
+ <tag state="vulnerable">v0.3.2</tag>
+ <tag state="vulnerable">v0.3.3</tag>
+ <tag state="vulnerable">v0.4.1</tag>
+ <tag state="vulnerable">v0.4.2</tag>
+ <tag state="vulnerable">v0.4.4</tag>
+ <tag state="vulnerable">v0.4.6</tag>
+ <tag state="vulnerable">v0.5.0</tag>
+ <tag state="vulnerable">v0.5.1</tag>
+ <tag state="vulnerable">v0.6.0</tag>
+ <tag state="vulnerable">v0.6.1</tag>
+ <tag state="vulnerable">v0.6.2</tag>
+ <tag state="vulnerable">v0.6.3</tag>
+ <tag state="vulnerable">v0.6.4</tag>
+ <tag state="vulnerable">v0.6.5</tag>
+ <tag state="vulnerable">v0.7.0</tag>
+ <tag state="vulnerable">v0.7.1</tag>
+ <tag state="vulnerable">v0.7.2</tag>
+ <tag state="vulnerable">v0.7.3</tag>
+ <tag state="vulnerable">v0.7.4</tag>
+ <tag state="vulnerable">v0.7.5</tag>
+ <tag state="vulnerable">v0.7.6</tag>
+ <tag state="vulnerable">v0.7.7</tag>
+ <tag state="vulnerable">v0.8.0</tag>
+ <tag state="vulnerable">v0.8.1</tag>
+ <tag state="vulnerable">v0.8.2</tag>
+ <tag state="vulnerable">v0.8.3</tag>
+ <tag state="vulnerable">v0.8.4</tag>
+ <tag state="vulnerable">v0.8.5</tag>
+ <tag state="vulnerable">v0.8.6</tag>
+ <tag state="vulnerable">v0.8.7</tag>
+ <tag state="vulnerable">v0.8.8</tag>
+ <tag state="vulnerable">v0.9.0</tag>
+ <tag state="vulnerable">v0.9.1</tag>
+ <tag state="vulnerable">v0.9.2</tag>
+ <tag state="vulnerable">v0.9.3</tag>
+ <tag state="vulnerable">v0.9.4</tag>
+ <tag state="vulnerable">v0.9.5</tag>
+ <tag state="vulnerable">v0.9.6</tag>
+ <tag state="vulnerable">v0.9.7</tag>
+ <tag state="vulnerable">v0.9.8</tag>
+ <tag state="vulnerable">v0.9.9</tag>
+ <tag state="vulnerable">v0.9.10</tag>
+ <tag state="vulnerable">v0.9.11</tag>
+ <tag state="vulnerable">v0.9.12</tag>
+ <tag state="vulnerable">v0.9.13</tag>
+ <tag state="vulnerable">v0.10.0</tag>
+ <tag state="vulnerable">v0.10.1</tag>
+ <tag state="vulnerable">v0.10.2</tag>
+ <tag state="vulnerable">v1.0.0</tag>
+ <tag state="vulnerable">v1.0.1</tag>
+ <tag state="vulnerable">v1.0.2</tag>
+ <tag state="vulnerable">v1.0.3</tag>
+ <tag state="vulnerable">v1.0.4</tag>
+ <tag state="vulnerable">v1.0.5</tag>
+ <tag state="vulnerable">v1.0.6</tag>
+ <tag state="vulnerable">v1.1.0</tag>
+ <tag state="vulnerable">v1.1.1</tag>
+ <tag state="vulnerable">v1.1.2</tag>
+ <tag state="vulnerable">v1.1.3</tag>
+ <tag state="vulnerable">v1.1.4</tag>
+ <tag state="vulnerable">v1.2.0</tag>
+ <tag state="vulnerable">v1.2.1</tag>
+ <tag state="vulnerable">v1.2.2</tag>
+ <tag state="vulnerable">v1.2.3</tag>
+ <tag state="vulnerable">v1.2.4</tag>
+ <tag state="vulnerable">v1.2.5</tag>
+ <tag state="vulnerable">v1.2.6</tag>
+ <tag state="vulnerable">v1.2.7</tag>
+ <tag state="vulnerable">v1.2.8</tag>
+ <tag state="vulnerable">v1.2.9</tag>
+ <tag state="vulnerable">v1.2.10</tag>
+ <tag state="vulnerable">v1.2.11</tag>
+ <tag state="vulnerable">v1.2.12</tag>
+ <tag state="vulnerable">v1.2.13</tag>
+ <tag state="vulnerable">v1.2.14</tag>
+ <tag state="vulnerable">v1.2.15</tag>
+ <tag state="vulnerable">v1.2.16</tag>
+ <tag state="vulnerable">v1.2.17</tag>
+ <tag state="vulnerable">v1.2.18</tag>
+ <tag state="vulnerable">v1.2.19</tag>
+ <tag state="vulnerable">v1.2.20</tag>
+ <tag state="vulnerable">v1.2.21</tag>
+ <tag state="vulnerable">v1.3.0</tag>
+ <tag state="vulnerable">v1.3.1</tag>
+ <tag state="vulnerable">v1.3.2</tag>
+ <tag state="vulnerable">v1.3.3</tag>
+ <tag state="vulnerable">v1.3.4</tag>
+ <tag state="vulnerable">v1.3.5</tag>
+ <tag state="vulnerable">v2.0.0</tag>
+ <tag state="vulnerable">v2.1.0</tag>
+ <tag state="vulnerable">v2.2.0</tag>
+ <tag state="vulnerable">v2.3.0</tag>
+ <tag state="vulnerable">v2.4.0</tag>
+ <tag state="vulnerable">v2.5.0</tag>
+ <tag state="vulnerable">v3.0.0</tag>
+ <tag state="vulnerable">v3.1.0</tag>
+ <tag state="vulnerable">v3.2.0</tag>
+ <tag state="vulnerable">v3.3.0</tag>
+ <tag state="vulnerable">v3.4.0</tag>
+ <tag state="vulnerable">v3.5.0</tag>
+ <tag state="vulnerable">v3.6.0</tag>
+ <tag state="vulnerable">v3.7.0</tag>
+ <tag state="vulnerable">v3.8.0</tag>
+ <tag state="vulnerable">v3.9.0</tag>
+ <tag state="vulnerable">v3.10.0</tag>
+ <tag state="fixed">v4.0.0</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ <change
state="fixed">bc251ea91bcfddd2622fce6bce701a438b2e7276</change>
+ </branch>
+ <branch>
+ <name>v0.9.6-maint</name>
+ <tag state="vulnerable">v0.9.6.1</tag>
+ <tag state="vulnerable">v0.9.6.2</tag>
+ <tag state="vulnerable">v0.9.6.3</tag>
+ <tag state="vulnerable">v0.9.6.4</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v0.9.11-maint</name>
+ <tag state="vulnerable">v0.9.11.1</tag>
+ <tag state="vulnerable">v0.9.11.2</tag>
+ <tag state="vulnerable">v0.9.11.3</tag>
+ <tag state="vulnerable">v0.9.11.4</tag>
+ <tag state="vulnerable">v0.9.11.5</tag>
+ <tag state="vulnerable">v0.9.11.6</tag>
+ <tag state="vulnerable">v0.9.11.7</tag>
+ <tag state="vulnerable">v0.9.11.8</tag>
+ <tag state="vulnerable">v0.9.11.9</tag>
+ <tag state="vulnerable">v0.9.11.10</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v0.9.12-maint</name>
+ <tag state="vulnerable">v0.9.12.1</tag>
+ <tag state="vulnerable">v0.9.12.2</tag>
+ <tag state="vulnerable">v0.9.12.3</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v0.10.2-maint</name>
+ <tag state="vulnerable">v0.10.2.1</tag>
+ <tag state="vulnerable">v0.10.2.2</tag>
+ <tag state="vulnerable">v0.10.2.3</tag>
+ <tag state="vulnerable">v0.10.2.4</tag>
+ <tag state="vulnerable">v0.10.2.5</tag>
+ <tag state="vulnerable">v0.10.2.6</tag>
+ <tag state="vulnerable">v0.10.2.7</tag>
+ <tag state="vulnerable">v0.10.2.8</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.0.5-maint</name>
+ <tag state="vulnerable">v1.0.5.1</tag>
+ <tag state="vulnerable">v1.0.5.2</tag>
+ <tag state="vulnerable">v1.0.5.3</tag>
+ <tag state="vulnerable">v1.0.5.4</tag>
+ <tag state="vulnerable">v1.0.5.5</tag>
+ <tag state="vulnerable">v1.0.5.6</tag>
+ <tag state="vulnerable">v1.0.5.7</tag>
+ <tag state="vulnerable">v1.0.5.8</tag>
+ <tag state="vulnerable">v1.0.5.9</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.1.3-maint</name>
+ <tag state="vulnerable">v1.1.3.1</tag>
+ <tag state="vulnerable">v1.1.3.2</tag>
+ <tag state="vulnerable">v1.1.3.3</tag>
+ <tag state="vulnerable">v1.1.3.4</tag>
+ <tag state="vulnerable">v1.1.3.5</tag>
+ <tag state="vulnerable">v1.1.3.6</tag>
+ <tag state="vulnerable">v1.1.3.7</tag>
+ <tag state="vulnerable">v1.1.3.8</tag>
+ <tag state="vulnerable">v1.1.3.9</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.2.9-maint</name>
+ <tag state="vulnerable">v1.2.9.1</tag>
+ <tag state="vulnerable">v1.2.9.2</tag>
+ <tag state="vulnerable">v1.2.9.3</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.2.13-maint</name>
+ <tag state="vulnerable">v1.2.13.1</tag>
+ <tag state="vulnerable">v1.2.13.2</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.2.18-maint</name>
+ <tag state="vulnerable">v1.2.18.1</tag>
+ <tag state="vulnerable">v1.2.18.2</tag>
+ <tag state="vulnerable">v1.2.18.3</tag>
+ <tag state="vulnerable">v1.2.18.4</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v1.3.3-maint</name>
+ <tag state="vulnerable">v1.3.3.1</tag>
+ <tag state="vulnerable">v1.3.3.2</tag>
+ <tag state="vulnerable">v1.3.3.3</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v2.2-maint</name>
+ <tag state="vulnerable">v2.2.1</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ <branch>
+ <name>v3.2-maint</name>
+ <tag state="vulnerable">v3.2.1</tag>
+ <change
state="vulnerable">23ad665cb05ef9ce7d298cc34bff5efb95ef6948</change>
+ </branch>
+ </product>
+
+</security-notice>
--
2.14.3
12:27 p.m.
New subject: [libvirt] [PATCH security-notice 3/4] LSN-2018-0003 / CVE-2018-6764 - Insecure usage of NSS modules during container startup
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
notices/2018/0003.xml | 269 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 269 insertions(+)
create mode 100644 notices/2018/0003.xml
diff --git a/notices/2018/0003.xml b/notices/2018/0003.xml
new file mode 100644
index 0000000..2c53626
--- /dev/null
+++ b/notices/2018/0003.xml
@@ -0,0 +1,269 @@
+<security-notice
xmlns="http://security.libvirt.org/xmlns/security-notice/1.0">
+ <id>2018-0003</id>
+
+ <summary>Insecure usage of NSS modules during container startup</summary>
+
+ <description>
+ <![CDATA[During container startup it is possible that libvirt logging
+ code will trigger a hostname lookup. This will in turn potentially
+ cause GLibC to load various NSS modules from the container's
+ root filesystem rather than the host's root filesystem. During this
+ time the host's root filesystem is still accessible and fully
+ writable]]>
+ </description>
+
+ <impact>
+ <![CDATA[A maliciously crafted NSS module in the container's root filesystem
+ can exploit the host OS by writing content into the host's root
+ filesystem]]>
+ </impact>
+
+ <workaround>
+ <![CDATA[There is no practical workaround]]>
+ </workaround>
+
+ <credits>
+ <reporter>
+ <name>Lubomir Rintel</name>
+ <email>lkundrak(a)v3.sk</email>
+ </reporter>
+ <patcher>
+ <name>Lubomir Rintel</name>
+ <email>lkundrak(a)v3.sk</email>
+ </patcher>
+ <patcher>
+ <name>Daniel P. Berrangé</name>
+ <email>berrange(a)redhat.com</email>
+ </patcher>
+ </credits>
+
+ <lifecycle>
+ <reported>20180127</reported>
+ <published>20180207</published>
+ <fixed>20180207</fixed>
+ </lifecycle>
+
+ <reference>
+ <advisory type="CVE" id="2018-6764"/>
+ </reference>
+
+ <product name="libvirt">
+ <repository>libvirt.git</repository>
+
+ <branch>
+ <name>master</name>
+ <tag state="vulnerable">v0.4.4</tag>
+ <tag state="vulnerable">v0.4.6</tag>
+ <tag state="vulnerable">v0.5.0</tag>
+ <tag state="vulnerable">v0.5.1</tag>
+ <tag state="vulnerable">v0.6.0</tag>
+ <tag state="vulnerable">v0.6.1</tag>
+ <tag state="vulnerable">v0.6.2</tag>
+ <tag state="vulnerable">v0.6.3</tag>
+ <tag state="vulnerable">v0.6.4</tag>
+ <tag state="vulnerable">v0.6.5</tag>
+ <tag state="vulnerable">v0.7.0</tag>
+ <tag state="vulnerable">v0.7.1</tag>
+ <tag state="vulnerable">v0.7.2</tag>
+ <tag state="vulnerable">v0.7.3</tag>
+ <tag state="vulnerable">v0.7.4</tag>
+ <tag state="vulnerable">v0.7.5</tag>
+ <tag state="vulnerable">v0.7.6</tag>
+ <tag state="vulnerable">v0.7.7</tag>
+ <tag state="vulnerable">v0.8.0</tag>
+ <tag state="vulnerable">v0.8.1</tag>
+ <tag state="vulnerable">v0.8.2</tag>
+ <tag state="vulnerable">v0.8.3</tag>
+ <tag state="vulnerable">v0.8.4</tag>
+ <tag state="vulnerable">v0.8.5</tag>
+ <tag state="vulnerable">v0.8.6</tag>
+ <tag state="vulnerable">v0.8.7</tag>
+ <tag state="vulnerable">v0.8.8</tag>
+ <tag state="vulnerable">v0.9.0</tag>
+ <tag state="vulnerable">v0.9.1</tag>
+ <tag state="vulnerable">v0.9.2</tag>
+ <tag state="vulnerable">v0.9.3</tag>
+ <tag state="vulnerable">v0.9.4</tag>
+ <tag state="vulnerable">v0.9.5</tag>
+ <tag state="vulnerable">v0.9.6</tag>
+ <tag state="vulnerable">v0.9.7</tag>
+ <tag state="vulnerable">v0.9.8</tag>
+ <tag state="vulnerable">v0.9.9</tag>
+ <tag state="vulnerable">v0.9.10</tag>
+ <tag state="vulnerable">v0.9.11</tag>
+ <tag state="vulnerable">v0.9.12</tag>
+ <tag state="vulnerable">v0.9.13</tag>
+ <tag state="vulnerable">v0.10.0</tag>
+ <tag state="vulnerable">v0.10.1</tag>
+ <tag state="vulnerable">v0.10.2</tag>
+ <tag state="vulnerable">v1.0.0</tag>
+ <tag state="vulnerable">v1.0.1</tag>
+ <tag state="vulnerable">v1.0.2</tag>
+ <tag state="vulnerable">v1.0.3</tag>
+ <tag state="vulnerable">v1.0.4</tag>
+ <tag state="vulnerable">v1.0.5</tag>
+ <tag state="vulnerable">v1.0.6</tag>
+ <tag state="vulnerable">v1.1.0</tag>
+ <tag state="vulnerable">v1.1.1</tag>
+ <tag state="vulnerable">v1.1.2</tag>
+ <tag state="vulnerable">v1.1.3</tag>
+ <tag state="vulnerable">v1.1.4</tag>
+ <tag state="vulnerable">v1.2.0</tag>
+ <tag state="vulnerable">v1.2.1</tag>
+ <tag state="vulnerable">v1.2.2</tag>
+ <tag state="vulnerable">v1.2.3</tag>
+ <tag state="vulnerable">v1.2.4</tag>
+ <tag state="vulnerable">v1.2.5</tag>
+ <tag state="vulnerable">v1.2.6</tag>
+ <tag state="vulnerable">v1.2.7</tag>
+ <tag state="vulnerable">v1.2.8</tag>
+ <tag state="vulnerable">v1.2.9</tag>
+ <tag state="vulnerable">v1.2.10</tag>
+ <tag state="vulnerable">v1.2.11</tag>
+ <tag state="vulnerable">v1.2.12</tag>
+ <tag state="vulnerable">v1.2.13</tag>
+ <tag state="vulnerable">v1.2.14</tag>
+ <tag state="vulnerable">v1.2.15</tag>
+ <tag state="vulnerable">v1.2.16</tag>
+ <tag state="vulnerable">v1.2.17</tag>
+ <tag state="vulnerable">v1.2.18</tag>
+ <tag state="vulnerable">v1.2.19</tag>
+ <tag state="vulnerable">v1.2.20</tag>
+ <tag state="vulnerable">v1.2.21</tag>
+ <tag state="vulnerable">v1.3.0</tag>
+ <tag state="vulnerable">v1.3.1</tag>
+ <tag state="vulnerable">v1.3.2</tag>
+ <tag state="vulnerable">v1.3.3</tag>
+ <tag state="vulnerable">v1.3.4</tag>
+ <tag state="vulnerable">v1.3.5</tag>
+ <tag state="vulnerable">v2.0.0</tag>
+ <tag state="vulnerable">v2.1.0</tag>
+ <tag state="vulnerable">v2.2.0</tag>
+ <tag state="vulnerable">v2.3.0</tag>
+ <tag state="vulnerable">v2.4.0</tag>
+ <tag state="vulnerable">v2.5.0</tag>
+ <tag state="vulnerable">v3.0.0</tag>
+ <tag state="vulnerable">v3.1.0</tag>
+ <tag state="vulnerable">v3.2.0</tag>
+ <tag state="vulnerable">v3.3.0</tag>
+ <tag state="vulnerable">v3.4.0</tag>
+ <tag state="vulnerable">v3.5.0</tag>
+ <tag state="vulnerable">v3.6.0</tag>
+ <tag state="vulnerable">v3.7.0</tag>
+ <tag state="vulnerable">v3.8.0</tag>
+ <tag state="vulnerable">v3.9.0</tag>
+ <tag state="vulnerable">v3.10.0</tag>
+ <tag state="vulnerable">v4.0.0</tag>
+ <tag state="fixed">v4.1.0</tag>
+ <change
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change>
+ <change
state="fixed">759b4d1b0fe5f4d84d98b99153dfa7ac289dd167</change>
+ <change
state="fixed">c2dc6698c88fb591639e542c8ecb0076c54f3dfb</change>
+ </branch>
+ <branch>
+ <name>v0.9.6-maint</name>
+ <tag state="vulnerable">v0.9.6.1</tag>
+ <tag state="vulnerable">v0.9.6.2</tag>
+ <tag state="vulnerable">v0.9.6.3</tag>
+ <tag state="vulnerable">v0.9.6.4</tag>
+ <change
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change>
+ </branch>
+ <branch>
+ <name>v0.9.11-maint</name>
+ <tag state="vulnerable">v0.9.11.1</tag>
+ <tag state="vulnerable">v0.9.11.2</tag>
+ <tag state="vulnerable">v0.9.11.3</tag>
+ <tag state="vulnerable">v0.9.11.4</tag>
+ <tag state="vulnerable">v0.9.11.5</tag>
+ <tag state="vulnerable">v0.9.11.6</tag>
+ <tag state="vulnerable">v0.9.11.7</tag>
+ <tag state="vulnerable">v0.9.11.8</tag>
+ <tag state="vulnerable">v0.9.11.9</tag>
+ <tag state="vulnerable">v0.9.11.10</tag>
+ <change
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change>
+ </branch>
+ <branch>
+ <name>v0.9.12-maint</name>
+ <tag state="vulnerable">v0.9.12.1</tag>
+ <tag state="vulnerable">v0.9.12.2</tag>
+ <tag state="vulnerable">v0.9.12.3</tag>
+ <change
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change>
+ </branch>
+ <branch>
+ <name>v0.10.2-maint</name>
+ <tag state="vulnerable">v0.10.2.1</tag>
+ <tag state="vulnerable">v0.10.2.2</tag>
+ <tag state="vulnerable">v0.10.2.3</tag>
+ <tag state="vulnerable">v0.10.2.4</tag>
+ <tag state="vulnerable">v0.10.2.5</tag>
+ <tag state="vulnerable">v0.10.2.6</tag>
+ <tag state="vulnerable">v0.10.2.7</tag>
+ <tag state="vulnerable">v0.10.2.8</tag>
+ <change
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change>
+ </branch>
+ <branch>
+ <name>v1.0.5-maint</name>
+ <tag state="vulnerable">v1.0.5.1</tag>
+ <tag state="vulnerable">v1.0.5.2</tag>
+ <tag state="vulnerable">v1.0.5.3</tag>
+ <tag state="vulnerable">v1.0.5.4</tag>
+ <tag state="vulnerable">v1.0.5.5</tag>
+ <tag state="vulnerable">v1.0.5.6</tag>
+ <tag state="vulnerable">v1.0.5.7</tag>
+ <tag state="vulnerable">v1.0.5.8</tag>
+ <tag state="vulnerable">v1.0.5.9</tag>
+ <change
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change>
+ </branch>
+ <branch>
+ <name>v1.1.3-maint</name>
+ <tag state="vulnerable">v1.1.3.1</tag>
+ <tag state="vulnerable">v1.1.3.2</tag>
+ <tag state="vulnerable">v1.1.3.3</tag>
+ <tag state="vulnerable">v1.1.3.4</tag>
+ <tag state="vulnerable">v1.1.3.5</tag>
+ <tag state="vulnerable">v1.1.3.6</tag>
+ <tag state="vulnerable">v1.1.3.7</tag>
+ <tag state="vulnerable">v1.1.3.8</tag>
+ <tag state="vulnerable">v1.1.3.9</tag>
+ <change
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change>
+ </branch>
+ <branch>
+ <name>v1.2.9-maint</name>
+ <tag state="vulnerable">v1.2.9.1</tag>
+ <tag state="vulnerable">v1.2.9.2</tag>
+ <tag state="vulnerable">v1.2.9.3</tag>
+ <change
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change>
+ </branch>
+ <branch>
+ <name>v1.2.13-maint</name>
+ <tag state="vulnerable">v1.2.13.1</tag>
+ <tag state="vulnerable">v1.2.13.2</tag>
+ <change
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change>
+ </branch>
+ <branch>
+ <name>v1.2.18-maint</name>
+ <tag state="vulnerable">v1.2.18.1</tag>
+ <tag state="vulnerable">v1.2.18.2</tag>
+ <tag state="vulnerable">v1.2.18.3</tag>
+ <tag state="vulnerable">v1.2.18.4</tag>
+ <change
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change>
+ </branch>
+ <branch>
+ <name>v1.3.3-maint</name>
+ <tag state="vulnerable">v1.3.3.1</tag>
+ <tag state="vulnerable">v1.3.3.2</tag>
+ <tag state="vulnerable">v1.3.3.3</tag>
+ <change
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change>
+ </branch>
+ <branch>
+ <name>v2.2-maint</name>
+ <tag state="vulnerable">v2.2.1</tag>
+ <change
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change>
+ </branch>
+ <branch>
+ <name>v3.2-maint</name>
+ <tag state="vulnerable">v3.2.1</tag>
+ <change
state="vulnerable">9ae41a71ac457994b7ca975e9eec7c3fc13ac101</change>
+ </branch>
+ </product>
+
+</security-notice>
--
2.14.3
12:27 p.m.
New subject: [libvirt] [PATCH security-notice 4/4] Add a script for generating a list of vulnerable tags & branches
It is rather tedious making the list of vulnerable tags and branches
for the security notice reports. This script takes the changeset of
the commit that first introduced the flaw and then outputs an XML
snippet listing every tag and branch which contains that vulnerable
changeset. This can be copied straight into the security notice,
meaning we just have to then fill out details of which changeset
and tag fixed the flaw.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
scripts/report-vulnerable-tags.pl | 108 ++++++++++++++++++++++++++++++++++++++
1 file changed, 108 insertions(+)
create mode 100644 scripts/report-vulnerable-tags.pl
diff --git a/scripts/report-vulnerable-tags.pl b/scripts/report-vulnerable-tags.pl
new file mode 100644
index 0000000..0b6ea6f
--- /dev/null
+++ b/scripts/report-vulnerable-tags.pl
@@ -0,0 +1,108 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use Sort::Versions;
+
+if (int(@ARGV) != 1) {
+ die "syntax: $0 CHANGESET\n";
+}
+
+my $changeset = shift @ARGV;
+
+sub get_tags {
+ my @args = @_;
+
+ my @tags;
+ open GIT, "-|", "git", "tag", @args or
+ die "cannot query 'git tags @args': $!\n";
+
+ while (<GIT>) {
+ chomp;
+
+ # Drop anything except vN.N.N style tags
+ # where 'N' is only digits.
+ if (/^v(\d+)(\.\d+)+$/) {
+ push @tags, $_;
+ }
+ }
+
+ close GIT;
+
+ return @tags;
+}
+
+sub get_branch {
+ my $tag = shift;
+
+ my @branches;
+ open GIT, "-|", "git", "branch", "--all",
"--contains", $tag or
+ die "cannot query 'git branch --all --contains $tag': $!\n";
+
+ while (<GIT>) {
+ chomp;
+
+ if (m,^\s*remotes/origin/(v.*-maint)$,) {
+ push @branches, $1;
+ }
+ }
+
+ close GIT;
+
+ return @branches;
+}
+
+my @branches;
+my %tags;
+my %branches;
+
+$branches{"master"} = [];
+# Most tags live on master so lets get them first
+for my $tag (get_tags("--contains", $changeset, "--merged",
"master")) {
+ push @{$branches{"master"}}, $tag;
+ $tags{$tag} = 1;
+}
+push @branches, "master";
+
+# Now we need slower work to find branches for
+# few remaining tags
+for my $tag (get_tags("--contains", $changeset)) {
+
+ next if exists $tags{$tag};
+
+ my @tagbranches = get_branch($tag);
+ if (int(@tagbranches) == 0) {
+ if ($tag eq "v2.1.0") {
+ @tagbranches = ("master")
+ } else {
+ print "Tag $tag doesn't appear in any branch\n";
+ next;
+ }
+ }
+
+ if (int(@tagbranches) > 1) {
+ print "Tag $tag appears in multiple branches\n";
+ }
+
+ unless (exists($branches{$tagbranches[0]})) {
+ $branches{$tagbranches[0]} = [];
+ push @branches, $tagbranches[0];
+ }
+ push @{$branches{$tagbranches[0]}}, $tag;
+}
+
+
+foreach my $branch (sort versioncmp @branches) {
+ print " <branch>\n";
+ print " <name>$branch</name>\n";
+ foreach my $tag (sort versioncmp @{$branches{$branch}}) {
+ print " <tag
state=\"vulnerable\">$tag</tag>\n";
+ }
+ print " <change
state=\"vulnerable\">$changeset</change>\n";
+
+ if ($branch eq "master") {
+ print " <change state=\"fixed\"></change>\n";
+ }
+ print " </branch>\n";
+}
--
2.14.3
2450
days inactive
2450
days old
4 comments
1 participants
participants (1)
-
Daniel P. Berrangé