Chrisen,

Chris Marusich 写道：
> In the meantime, should we revert to version 5.4.0 in Guix?  I'm 
> not
> sure if there are any security vulnerabilities between 5.4.0 and 
> the
> most recent release, but this bug is currently preventing me 
> from
> creating any VMs at all in Guix using virt-manager, which is 
> pretty bad.

Yes! (which is why I originally updated this package):

  v5.5.0 (2019-07-02)
    Security
        api: Prevent access to several APIs over read-only 
        connections
            Certain APIs give root-equivalent access to the host, 
            and as
            such should be limited to privileged 
            users. CVE-2019-10161,
            CVE-2019-10166, CVE-2019-10167, CVE-2019-10168.

  ­ https://libvirt.org/news.html

It might be easy to backport.  I didn't try, and I no longer use 
libvirt myself.

What's weird (maybe; I haven't kept up with the thread) is that I 
used libvirt 5.5.0 (and yes, it was 5.5.0) for a while without 
problems.  I don't remember whether I created any *new* VMs, 
though.

Kind regards,

T G-R