WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

[Xen-users] DR7 and CR4

To: Xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] DR7 and CR4
From: "Dylan Martin" <dmartin@xxxxxxxxxxxx>
Date: Fri, 1 Feb 2008 10:06:27 -0800
Delivery-date: Fri, 01 Feb 2008 10:07:03 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Hi, I'm trying to verify that the Xen I'm running is patched against
the all the known published bugs.  I'm running Fedora 7, which means
I'm running Xen 3.1.2.  I've checked the changelog in the Fedora
package, and I can verify that all the bugs I've found are fixed
except for one.

http://www.securityfocus.com/bid/27219
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5907

The securityfocus page lists 3.1.2 as vulnerable, but that doesn't
seem right.  The patch was submitted to xen in Oct 2007, and 3.1.2
came out in Nov 2007, so the patch should be in 3.1.2.  Also, the nist
pages don't list 3.1.2 as vulnerable.  I've poked around on the
xenbits changelog, but I can't find a big obvious "fixed
CVE-2007-5906" entry.

Can anyone clarify?  Either if 3.1.2 is indeed patched against this
bug, or if the Fedora 7 xen-3.1.2-1.fc7 is patched?

Thanks!
-Dylan

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>