[MEDIUM] Patch libvirt for CVE-2024-4418 #13811
Open
+49
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
microsoft-github-policy-service
bot
added
Packaging
3.0-dev
kgodara912
reviewed
May 16, 2025
There was a problem hiding this comment.
Buddy build. Patch exactly matches with upstream reference.
Kanishk-Bansal
requested changes
May 16, 2025
There was a problem hiding this comment.
- Buddy Build
- patch applied during the build (check
rpm.log)Patch applies cleanly - patch include an upstream reference
- PR has security tag
@Kanishk-Bansal I didn't quite get it, could you please throw some light, I don't see any license check failures. Thanks! |
Kanishk-Bansal
force-pushed
the
v-anipradhan/libvirt/CVE-2024-4418
branch
2 times, most recently
from
352dbf6 to
d7f1101
Compare
|
Waiting for @kgodara912 's review requested by @Kanishk-Bansal |
kgodara912
reviewed
May 27, 2025
SPECS/libvirt/libvirt.spec
Outdated
| @@ -1711,7 +1712,7 @@ exit 0 | |||
|
|
|||
| %files docs | |||
| %doc AUTHORS.rst NEWS.rst README.rst | |||
| %doc libvirt-docs/* | |||
| %license libvirt-docs/html/fonts/LICENSE.rst | |||
There was a problem hiding this comment.
This change is not correct as it will remove all the docs from docs rpm (size reduced from 2MB to 100kb), we will see how to use exclude and packages to properly get license and docs both.
kgodara912
requested changes
May 27, 2025
Kanishk-Bansal
force-pushed
the
v-anipradhan/libvirt/CVE-2024-4418
branch
from
d7f1101 to
38a2ab4
Compare
Kanishk-Bansal
approved these changes
May 27, 2025
aninda-al
force-pushed
the
v-anipradhan/libvirt/CVE-2024-4418
branch
from
38a2ab4 to
f8476e8
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-staticsubpackages, etc.) have had theirReleasetag incremented../cgmanifest.json,./toolkit/scripts/toolchain/cgmanifest.json,.github/workflows/cgmanifest.json)./LICENSES-AND-NOTICES/SPECS/data/licenses.json,./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md,./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)*.signatures.jsonfilessudo make go-tidy-allandsudo make go-test-coveragepassSummary
Addresses libvirt CVE-2024-4418
Patch file: https://gitlab.com/libvirt/libvirt/-/commit/8074d64dc2eca846d6a61efe1a9b7428a0ce1dd1
Change Log
Does this affect the toolchain?
NO
Associated issues
Links to CVEs
Test Methodology