|
Message-ID: <20110601154308.GC13831@dhcp-25-225.brq.redhat.com> Date: Wed, 1 Jun 2011 17:43:09 +0200 From: Petr Matousek <pmatouse@...hat.com> To: oss-security@...ts.openwall.com Cc: coley@...us.mitre.org Subject: CVE request -- libvirt: regression introduced in disk probe logic Hello Steve, vendors. Description: Regression introduced in commit d6623003 (v0.8.8) - using the wrong sizeof operand meant that security manager private data was overlaying the allowDiskFOrmatProbing member of struct _virSecurityManager. This reopens disk probing, which was supposed to be prevented by the solution to CVE-2010-2238. References: https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html https://bugzilla.redhat.com/show_bug.cgi?id=709769 Could you please allocate a CVE identifier for this issue? Thank you, -- Petr Matousek / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.