Ubuntu has issued an advisory on March 14:
The issue is fixed upstream in 5.0.0.
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Also CC'ing some committers.
mageia, marja11, mrambo, rverschelde, thierry.vignaud
The updated packages fix a security vulnerability:
NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function. (CVE-2019-3840)
Updated packages in core/updates_testing:
Just cloned and installed 2 VMs (Mga 6 Plasma, Mga 6 Gnome) under Qemu/KVM.
Display: Spice, Video model: Virtio, Network Bridge: enp14s0: macvtap.
No regression found.
lib64virt0.x86_64 3.10.0-1.5.mga6 @updates_testing-x86_64
libvirt-utils.x86_64 3.10.0-1.5.mga6 @updates_testing-x86_64
lib64virt-devel.x86_64 3.10.0-1.5.mga6 updates_testing-x86_64
libvirt-docs.x86_64 3.10.0-1.5.mga6 updates_testing-x86_64
wireshark-libvirt.x86_64 3.10.0-1.5.mga6 updates_testing-x86_64
(In reply to Nicolas Salguero from comment #2)
> Suggested advisory:
> The updated packages fix a security vulnerability:
> NULL pointer dereference after running qemuAgentCommand in
> qemuAgentGetInterfaces function. (CVE-2019-3840)
As there are no other takers, I validate the update myself.
Advisory as suggested.
(In reply to Ulrich Beckmann from comment #4)
> As there are no other takers, I validate the update myself.
> Advisory as suggested.
Thanks. Please note though, that the advisory keyword should only be added when
the advisory has been committed to svn, as I've now done for this bug report.
When the advisory keyword has been added, an asterisk is added after the bug
number in http://madb.mageia.org/tools/updates
Adding the keyword before the advisory has been committed to svn causes a delay,
as I or others that can commit advisories to svn think it's already been done.
The procedure used to push updates from the testing repo to the updates repo
uses the advisory from svn to select which source rpm packages to include in
An update for this issue has been pushed to the Mageia Updates repository.