We have just published Qubes Security Bulletin (QSB) 066:
XML injection through libvirt domain configuration.
The text of this QSB is reproduced below. This QSB and its accompanying
signatures will always be available in the Qubes Security Pack (qubes-secpack).
View QSB-066 in the qubes-secpack:
Learn about the qubes-secpack, including how to obtain, verify, and read it:
View all past QSBs:
---===[ Qubes Security Bulletin 066 ]===---
XML injection through libvirt domain configuration