|
|
|
|
|
|
|
|
|
|
xen-users
Hi, I'm trying to verify that the Xen I'm running is patched against
the all the known published bugs. I'm running Fedora 7, which means
I'm running Xen 3.1.2. I've checked the changelog in the Fedora
package, and I can verify that all the bugs I've found are fixed
except for one.
http://www.securityfocus.com/bid/27219
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5907
The securityfocus page lists 3.1.2 as vulnerable, but that doesn't
seem right. The patch was submitted to xen in Oct 2007, and 3.1.2
came out in Nov 2007, so the patch should be in 3.1.2. Also, the nist
pages don't list 3.1.2 as vulnerable. I've poked around on the
xenbits changelog, but I can't find a big obvious "fixed
CVE-2007-5906" entry.
Can anyone clarify? Either if 3.1.2 is indeed patched against this
bug, or if the Fedora 7 xen-3.1.2-1.fc7 is patched?
Thanks!
-Dylan
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Xen-users] DR7 and CR4,
Dylan Martin <=
|
|
|
|
|