Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <51D1F594.1000209@redhat.com>
Date: Mon, 01 Jul 2013 15:33:08 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: Eric Blake <eblake@...hat.com>
CC: oss-security@...ts.openwall.com, libvirt-security@...hat.com
Subject: Re: [Libvirt-Security] CVE-2013-2218 -- libvirt: crash
 when listing network interfaces with filters

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/01/2013 01:06 PM, Eric Blake wrote:
> On 07/01/2013 12:49 PM, Kurt Seifried wrote:
>> On 07/01/2013 09:21 AM, Petr Matousek wrote:
>>> The virConnectListAllInterfaces method has a double-free of the
>>>  'struct netcf_if' object when any of the filtering flags cause
>>> an interface to be skipped over. For example when running the
>>> command 'virsh iface-list --inactive'
>> 
>>> Upstream fix: 
>>> http://libvirt.org/git/?p=libvirt.git;a=commit;h=244e0b8cf15ca2ef48d82058e728656e6c4bad11
>>
>>>
>>> 
References: https://bugzilla.redhat.com/show_bug.cgi?id=980112
>> 
>>> Thanks,
>> 
>> 
>> Please use CVE-2013-2229 for this issue.
> 
> No, we already assigned CVE-2013-2218 to this issue.
> CVE-2013-2229 should be closed as a mistake, or reused for some
> other purpose.

Sorry that was really bad of me, totally didn't read the email, just
saw from Jan and though "derp. needs a cve". Please REJECT
CVE-2013-2229, duplicate assignment because Kurt isn't smarter than
the average bear.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR0fWUAAoJEBYNRVNeJnmTgjEP/37CuvtbfytgGLsuk41HYLXq
9i+h0nkvneoqfaad/x/c6nBUfD5zKW4bTmN6WraNAA3qbr+skpxkI8kTnnsYrI9v
99sEZiR/YFbZpu/by2GdECbA5WnY7jPIirYHMkVP2aW3DSXCJd/HSiIwwz86vasu
ZkVKiRdOutNs7XUxpFLhv0XNt8vKzBXFbgSdz9taigBUzY1ZnsSfMN1GauY6WZuD
4Xsf52WIWykeubH3MBbLSqyDp5kc6BxoKIbJv/h5kwp1kQEGLtIoCQNuByc3dAiA
w9egS6GffCrdROSbue0pedgmkJux1DvKW5H+0kR4eaKi09pIq/9KMZMgoZeD3z2A
PTMl4DTRtE62toMjtlcypVWz3rcsF0lZyeVooEC/rdxQLp7+FtVrTtyv6a4Q9Qnz
viAn0DnUXo1P8td/ORrt17jRZWrEEhIkDuFJKiFdocQ/JWNjcJO9aP7nq0Lgp8XS
Y7Z49g5sHdQNCpl9jsJFMnvMpy7Ng9r4jehI4t4xO9WDS2WJOV2BBjklM9JQUPPw
1db0A+5a4vUaix2M1cKkAt+1NCijdR0umD37YF1sBdAY48eIIB2vRLbuXZImxtQT
Q0OWEQCYd3By8d9XtDsyljPVZ2XwgQUzXs4qHnKHNgSUmXcLugTUjdRl07jjbmc2
ntG3o0jkx3w7vNWN87EA
=Ispm
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.