Debian Package Tracker

From: Guido Günther <agx@sigxcpu.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted libvirt 5.0.0-4 (source) into unstable
Date: Thu, 20 Jun 2019 22:10:33 +0000
Signed by: Salvatore Bonaccorso <salvatore.bonaccorso@gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 17 Jun 2019 19:05:40 +0200
Source: libvirt
Architecture: source
Version: 5.0.0-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Closes: 930100
Changes:
 libvirt (5.0.0-4) unstable; urgency=medium
 .
   * [0fdc2af] Fix multiple CVEs related to privilege escalations on R/O
     connections.
     - CVE-2019-10161:
       CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc-.patch
     - CVE-2019-10166:
       api-disallow-virDomainManagedSaveDefineXML-on-read-only-c.patch
     - CVE-2019-10167:
       api-disallow-virConnectGetDomainCapabilities-on-read-only.patch
     - CVE-2019-10168:
       api-disallow-virConnect-HypervisorCPU-on-read-only-connec.patch
   * Include /etc/pki/qemu in apparmor (Closes: #930100)
Checksums-Sha1:
 aec2883d91b08575995d05d18238730bf131b259 4508 libvirt_5.0.0-4.dsc
 32e517198bf0874825bd5f2276e4cda938e87aff 78488 libvirt_5.0.0-4.debian.tar.xz
 4c21de988a73071fb40ab12151b1b8e6f2285478 19640 libvirt_5.0.0-4_amd64.buildinfo
Checksums-Sha256:
 53d8d101e2d9ca9c538531132b5ae8991594186e80bf8a61069834b74d3c41dc 4508 libvirt_5.0.0-4.dsc
 70bf74be8aebe1418f4e09d7360c7c7d7d1fc3235fe71114e1c75b73d17545bd 78488 libvirt_5.0.0-4.debian.tar.xz
 fc703a7674cf6c4404f5972ebc50dd5a06de58ee94d54aafc3e191b4c718e43e 19640 libvirt_5.0.0-4_amd64.buildinfo
Files:
 3665cba74b3613bef7c3599af74e3ae4 4508 libs optional libvirt_5.0.0-4.dsc
 08647aff81a475cfb013727c7128fc0a 78488 libs optional libvirt_5.0.0-4.debian.tar.xz
 04408a567bc1cb132bee7f15d489c918 19640 libs optional libvirt_5.0.0-4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0L/+RfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EikQP/0UsvG9rIaB3PogJckx0rJW5i150NQNO
rXC3GdukFA9OidT+dlEJaFox4hgXtVMd5BLW0xk11w2PTcg+dbCM9gDNreBS+SVH
d3YvcaeriPVgf3TgYPcwMqfGZk2rnE4gt4CYlrtJMhqjejNwxSg4zg6JRfDVEq+i
wcWGyA8V3l2sWG/FrnlN8SWagx0JKkgd4Xr3BMV13xVw2Lf370npd8ENHteV7PtN
A9o+57rhZaSznvsfi655V2AVqP6RVPVP3la49iM3IZKgompvBZ2+It6quLQ9F75a
glpZ+Hjz6dJ8tRDYK6jT9rqwO1TNVgjQSyEFNEM81E+5AexK3VL0TphEhEOoaW6b
xMZQiEOcSxFyfDTC5KUuBzHM8NcvqZV95ZNVJGl3QL7uTPwGdVI/8mZFucCFhXJ8
MIA+mbMJ6CYTTE3KVN6evLGt++16ICtsGCaSN57NTbCeOjEGanWow2EK6XcCDTWV
X6KSPtonEE9tfmn1f3AeaspYx9Ze6TN/o8+VbGacvrpXfEAky1iEa5Q/3IeTtJPQ
TJVxcWOwenj9Q4KILSG+uUX5pW+BzBD1wIwndNTKIBMOizy+PnPbAju0OhMHeyE2
hSlPBnEh/VTEYG6SeNXgKWuCoD8uikdK+W4tXvfhrFlZSIJGTOYwbBUzuOQS2nCI
RVPrPXLBkLqq
=CSYG
-----END PGP SIGNATURE-----
News for package libvirt
