25048 – virt-manager new security issue CVE-2019-10183

Bug 25048 - virt-manager new security issue CVE-2019-10183

Summary: virt-manager new security issue CVE-2019-10183

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2019-07-04 20:58 CEST by David Walser
Modified:	2020-11-16 18:00 CET (History)
CC List:	2 users (show)

See Also:
Source RPM:	virt-manager-2.2.0-1.mga8.src.rpm
CVE:
Status comment:	Patch is available

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2019-07-04 20:58:13 CEST

A security issue in virt-manager has been announced on July 3:
https://www.openwall.com/lists/oss-security/2019/07/03/1

The message above contains a link to a patch to fix it.

The issue was introduced in 2.2.0; older versions are not affected.

David Walser 2020-01-14 18:19:36 CET

Status comment: (none) => Patch is available

Comment 1 Buchan Milne 2020-11-15 11:24:03 CET

Cauldron was update to 2.2.1 at Thu Jul 4 11:38:12 2019 UTC:

http://svnweb.mageia.org/packages?view=revision&revision=1418407

I think this can be resolved?

Ever confirmed: 1 => 0
Status: NEW => UNCONFIRMED
CC: (none) => bgmilne
Assignee: thierry.vignaud => bugsquad

Comment 2 David Walser 2020-11-15 13:19:55 CET

Cauldron has 3.1.0 now.

Resolution: (none) => FIXED
Status: UNCONFIRMED => RESOLVED

Comment 3 Thierry Vignaud 2020-11-16 18:00:22 CET

3.2.0 actually :-)

CC: (none) => thierry.vignaud

Note You need to log in before you can comment on or make changes to this bug.