[CentOS-virt] CVE-2015-7835

Thu Nov 5 11:55:24 UTC 2015
George Dunlap <dunlapg at umich.edu>

On Wed, Nov 4, 2015 at 4:11 PM, Jens Larsson <jens at nsc.liu.se> wrote:
>>> There was new packages (4.4.3-3) released on Oct 29, but they don't
>>> address the CVE-2015-7835 problems. Does anyone have news about a
>>> rebuild with this fix applied? Or should we make our own build?
>> Actually they do includu CVE-2015-7835 (aka XSA-148) -- I just made a
>> mistake when I made the changelog.  Sorry about that.
>>  -George
> Ah, I thought I was careful before posting and even checked the source
> RPM. But of course I did it wrong. The patch is there all right...
> Sorry for the noise. And thanks for all the good work on this project!

No problem -- definitely rather err on the side of "unnecessary noise"
rather than "missed an important security update". :-)