libvirt - Debian Package Tracker

general

source: libvirt (main)
version: 11.9.0-2
maintainer: Debian Libvirt Maintainers (archive) (DMD)
uploaders: Guido Günther [DMD] – Andrea Bolognani [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 7.0.0-3+deb11u3
o-o-p-u: 7.0.0-3+deb11u3
oldstable: 9.0.0-4+deb12u2
old-bpo: 11.3.0-2~bpo12+1
stable: 11.3.0-3+deb13u1
stable-p-u: 11.3.0-3+deb13u1
testing: 11.9.0-2
unstable: 11.9.0-2

versioned links

7.0.0-3+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
9.0.0-4+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
11.3.0-2~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
11.3.0-3+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
11.9.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libnss-libvirt
libvirt-clients (14 bugs: 0, 10, 4, 0)
libvirt-clients-qemu
libvirt-common
libvirt-daemon (59 bugs: 1, 48, 10, 0)
libvirt-daemon-common
libvirt-daemon-config-network
libvirt-daemon-config-nwfilter (1 bugs: 0, 1, 0, 0)
libvirt-daemon-driver-interface
libvirt-daemon-driver-lxc (1 bugs: 0, 1, 0, 0)
libvirt-daemon-driver-network
libvirt-daemon-driver-nodedev
libvirt-daemon-driver-nwfilter
libvirt-daemon-driver-qemu (3 bugs: 0, 2, 1, 0)
libvirt-daemon-driver-secret
libvirt-daemon-driver-storage
libvirt-daemon-driver-storage-disk
libvirt-daemon-driver-storage-gluster
libvirt-daemon-driver-storage-iscsi
libvirt-daemon-driver-storage-iscsi-direct (1 bugs: 0, 1, 0, 0)
libvirt-daemon-driver-storage-logical
libvirt-daemon-driver-storage-mpath
libvirt-daemon-driver-storage-rbd
libvirt-daemon-driver-storage-scsi
libvirt-daemon-driver-storage-zfs
libvirt-daemon-driver-vbox
libvirt-daemon-driver-xen
libvirt-daemon-lock
libvirt-daemon-log
libvirt-daemon-plugin-lockd
libvirt-daemon-plugin-sanlock
libvirt-daemon-system (33 bugs: 0, 28, 5, 0)
libvirt-daemon-system-systemd (1 bugs: 0, 1, 0, 0)
libvirt-daemon-system-sysv
libvirt-dev
libvirt-doc
libvirt-l10n
libvirt-login-shell
libvirt-sanlock
libvirt-ssh-proxy
libvirt-wireshark
libvirt0 (14 bugs: 0, 14, 0, 0)

action needed

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2025-12748: A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.
CVE-2025-13193: A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

Created: 2025-11-12 Last update: 2025-11-18 05:31

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2025-12748: A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.
CVE-2025-13193: A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

Created: 2025-11-12 Last update: 2025-11-18 05:31

Depends on packages which need a new maintainer normal

The packages that libvirt depends on which need a new maintainer are:

systemtap (#1114760)
- Suggests: systemtap
- Build-Depends: systemtap-sdt-dev

Created: 2025-09-09 Last update: 2025-11-18 09:00

6 bugs tagged patch in the BTS normal

The BTS contains patches fixing 6 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-11-18 08:30

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2025-11-09 Last update: 2025-11-09 09:30

3 open merge requests in Salsa normal

There are 3 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-09-22 Last update: 2025-11-05 00:00

2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:

CVE-2025-12748: (needs triaging) A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.
CVE-2025-13193: (needs triaging) A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-11-12 Last update: 2025-11-18 05:31

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-12748: (needs triaging) A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-11-12 Last update: 2025-11-18 05:31

news

[rss feed]

[2025-11-12] libvirt 11.9.0-2 MIGRATED to testing (Debian testing watch)
[2025-11-08] Accepted libvirt 11.9.0-2 (source) into unstable (Andrea Bolognani)
[2025-11-07] libvirt 11.9.0-1 MIGRATED to testing (Debian testing watch)
[2025-11-04] Accepted libvirt 11.9.0-1 (source) into unstable (Andrea Bolognani)
[2025-11-02] Accepted libvirt 11.3.0-3+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Andrea Bolognani)
[2025-10-28] libvirt 11.8.0-2 MIGRATED to testing (Debian testing watch)
[2025-10-18] Accepted libvirt 11.8.0-2 (source) into unstable (Andrea Bolognani)
[2025-10-10] libvirt 11.8.0-1 MIGRATED to testing (Debian testing watch)
[2025-10-07] Accepted libvirt 11.8.0-1 (source) into unstable (Andrea Bolognani)
[2025-09-06] libvirt 11.7.0-1 MIGRATED to testing (Debian testing watch)
[2025-09-02] Accepted libvirt 11.7.0-1 (source) into unstable (Andrea Bolognani)
[2025-08-02] Accepted libvirt 11.6.0-1 (source) into experimental (Andrea Bolognani)
[2025-07-09] libvirt 11.3.0-3 MIGRATED to testing (Debian testing watch)
[2025-07-04] Accepted libvirt 11.5.0-1 (source) into experimental (Andrea Bolognani)
[2025-07-03] Accepted libvirt 11.3.0-3 (source) into unstable (Andrea Bolognani)
[2025-07-03] Accepted libvirt 11.3.0-2~bpo12+1 (source amd64 all) into stable-backports (Debian FTP Masters) (signed by: Vasudev Sathish Kamath)
[2025-06-09] Accepted libvirt 11.4.0-1 (source) into experimental (Andrea Bolognani)
[2025-06-08] libvirt 11.3.0-2 MIGRATED to testing (Debian testing watch)
[2025-06-02] Accepted libvirt 11.3.0-2 (source) into unstable (Andrea Bolognani)
[2025-05-15] libvirt 11.3.0-1 MIGRATED to testing (Debian testing watch)
[2025-05-04] Accepted libvirt 11.3.0-1 (source) into unstable (Andrea Bolognani)
[2025-04-22] Accepted libvirt 11.2.0-3 (source) into experimental (Andrea Bolognani)
[2025-04-11] libvirt 11.2.0-2 MIGRATED to testing (Debian testing watch)
[2025-04-08] Accepted libvirt 11.2.0-2 (source) into unstable (Andrea Bolognani)
[2025-04-07] libvirt 11.2.0-1 MIGRATED to testing (Debian testing watch)
[2025-04-04] Accepted libvirt 11.2.0-1 (source) into unstable (Andrea Bolognani)
[2025-03-26] Accepted libvirt 11.1.0-2 (source) into experimental (Andrea Bolognani)
[2025-03-12] libvirt 11.1.0-1 MIGRATED to testing (Debian testing watch)
[2025-03-06] Accepted libvirt 11.1.0-1 (source) into unstable (Andrea Bolognani)
[2025-02-07] libvirt 11.0.0-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 192 198
RC: 1
I&N: 148 154
M&W: 43
F&P: 0
patch: 6

links

homepage
lintian (0, 1)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (100, 35)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 11.6.0-1ubuntu6
137 bugs (4 patches)
patches for 11.6.0-1ubuntu6