libvirt - Debian Package Tracker

general

source: libvirt (main)
version: 11.9.0-2
maintainer: Debian Libvirt Maintainers (archive) (DMD)
uploaders: Guido Günther [DMD] – Andrea Bolognani [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 7.0.0-3+deb11u3
o-o-p-u: 7.0.0-3+deb11u3
oldstable: 9.0.0-4+deb12u2
old-bpo: 11.3.0-2~bpo12+1
stable: 11.3.0-3+deb13u1
testing: 11.9.0-2
unstable: 11.9.0-2

versioned links

7.0.0-3+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
9.0.0-4+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
11.3.0-2~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
11.3.0-3+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
11.9.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libnss-libvirt
libvirt-clients (14 bugs: 0, 10, 4, 0)
libvirt-clients-qemu
libvirt-common
libvirt-daemon (59 bugs: 1, 48, 10, 0)
libvirt-daemon-common
libvirt-daemon-config-network
libvirt-daemon-config-nwfilter (1 bugs: 0, 1, 0, 0)
libvirt-daemon-driver-interface
libvirt-daemon-driver-lxc (1 bugs: 0, 1, 0, 0)
libvirt-daemon-driver-network
libvirt-daemon-driver-nodedev
libvirt-daemon-driver-nwfilter
libvirt-daemon-driver-qemu (3 bugs: 0, 2, 1, 0)
libvirt-daemon-driver-secret
libvirt-daemon-driver-storage
libvirt-daemon-driver-storage-disk
libvirt-daemon-driver-storage-gluster
libvirt-daemon-driver-storage-iscsi
libvirt-daemon-driver-storage-iscsi-direct (1 bugs: 0, 1, 0, 0)
libvirt-daemon-driver-storage-logical
libvirt-daemon-driver-storage-mpath
libvirt-daemon-driver-storage-rbd
libvirt-daemon-driver-storage-scsi
libvirt-daemon-driver-storage-zfs
libvirt-daemon-driver-vbox
libvirt-daemon-driver-xen
libvirt-daemon-lock
libvirt-daemon-log
libvirt-daemon-plugin-lockd
libvirt-daemon-plugin-sanlock
libvirt-daemon-system (33 bugs: 0, 28, 5, 0)
libvirt-daemon-system-systemd (1 bugs: 0, 1, 0, 0)
libvirt-daemon-system-sysv
libvirt-dev
libvirt-doc
libvirt-l10n
libvirt-login-shell
libvirt-sanlock
libvirt-ssh-proxy
libvirt-wireshark
libvirt0 (15 bugs: 0, 15, 0, 0)

action needed

A new upstream version is available: 11.10.0-rc1 high

A new upstream version 11.10.0-rc1 is available, you should consider packaging it.

Created: 2025-11-27 Last update: 2025-11-28 21:30

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2025-12748: A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.
CVE-2025-13193: A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

Created: 2025-11-12 Last update: 2025-11-28 17:00

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2025-12748: A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.
CVE-2025-13193: A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

Created: 2025-11-12 Last update: 2025-11-28 17:00

6 bugs tagged patch in the BTS normal

The BTS contains patches fixing 6 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-11-28 22:30

Depends on packages which need a new maintainer normal

The packages that libvirt depends on which need a new maintainer are:

systemtap (#1114760)
- Suggests: systemtap
- Build-Depends: systemtap-sdt-dev

Created: 2025-09-09 Last update: 2025-11-28 21:31

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2025-11-09 Last update: 2025-11-09 09:30

3 open merge requests in Salsa normal

There are 3 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-09-22 Last update: 2025-11-05 00:00

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-12748: (needs triaging) A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-11-12 Last update: 2025-11-28 17:00

news

[rss feed]

[2025-11-12] libvirt 11.9.0-2 MIGRATED to testing (Debian testing watch)
[2025-11-08] Accepted libvirt 11.9.0-2 (source) into unstable (Andrea Bolognani)
[2025-11-07] libvirt 11.9.0-1 MIGRATED to testing (Debian testing watch)
[2025-11-04] Accepted libvirt 11.9.0-1 (source) into unstable (Andrea Bolognani)
[2025-11-02] Accepted libvirt 11.3.0-3+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Andrea Bolognani)
[2025-10-28] libvirt 11.8.0-2 MIGRATED to testing (Debian testing watch)
[2025-10-18] Accepted libvirt 11.8.0-2 (source) into unstable (Andrea Bolognani)
[2025-10-10] libvirt 11.8.0-1 MIGRATED to testing (Debian testing watch)
[2025-10-07] Accepted libvirt 11.8.0-1 (source) into unstable (Andrea Bolognani)
[2025-09-06] libvirt 11.7.0-1 MIGRATED to testing (Debian testing watch)
[2025-09-02] Accepted libvirt 11.7.0-1 (source) into unstable (Andrea Bolognani)
[2025-08-02] Accepted libvirt 11.6.0-1 (source) into experimental (Andrea Bolognani)
[2025-07-09] libvirt 11.3.0-3 MIGRATED to testing (Debian testing watch)
[2025-07-04] Accepted libvirt 11.5.0-1 (source) into experimental (Andrea Bolognani)
[2025-07-03] Accepted libvirt 11.3.0-3 (source) into unstable (Andrea Bolognani)
[2025-07-03] Accepted libvirt 11.3.0-2~bpo12+1 (source amd64 all) into stable-backports (Debian FTP Masters) (signed by: Vasudev Sathish Kamath)
[2025-06-09] Accepted libvirt 11.4.0-1 (source) into experimental (Andrea Bolognani)
[2025-06-08] libvirt 11.3.0-2 MIGRATED to testing (Debian testing watch)
[2025-06-02] Accepted libvirt 11.3.0-2 (source) into unstable (Andrea Bolognani)
[2025-05-15] libvirt 11.3.0-1 MIGRATED to testing (Debian testing watch)
[2025-05-04] Accepted libvirt 11.3.0-1 (source) into unstable (Andrea Bolognani)
[2025-04-22] Accepted libvirt 11.2.0-3 (source) into experimental (Andrea Bolognani)
[2025-04-11] libvirt 11.2.0-2 MIGRATED to testing (Debian testing watch)
[2025-04-08] Accepted libvirt 11.2.0-2 (source) into unstable (Andrea Bolognani)
[2025-04-07] libvirt 11.2.0-1 MIGRATED to testing (Debian testing watch)
[2025-04-04] Accepted libvirt 11.2.0-1 (source) into unstable (Andrea Bolognani)
[2025-03-26] Accepted libvirt 11.1.0-2 (source) into experimental (Andrea Bolognani)
[2025-03-12] libvirt 11.1.0-1 MIGRATED to testing (Debian testing watch)
[2025-03-06] Accepted libvirt 11.1.0-1 (source) into unstable (Andrea Bolognani)
[2025-02-07] libvirt 11.0.0-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 193 199
RC: 1
I&N: 149 155
M&W: 43
F&P: 0
patch: 6

links

homepage
lintian (0, 1)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (100, 35)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 11.6.0-1ubuntu6
138 bugs (4 patches)
patches for 11.6.0-1ubuntu6