[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366

01 May 2007 Sal tarihinde, Keir Fraser ÅunlarÄ yazmÄÅtÄ: 
> On 1/5/07 14:29, "S.ÃaÄlar Onur" <caglar@xxxxxxxxxxxxx> wrote:
> > If anybody interested, attached patch (against 3.0.4) fixes
> > CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and
> > CVE-2007-1366 which affects qemu and also seems valid for xen.
> Is the patch from upstream qemu? We have our own patches to fix these
> issues in 3.0.5-rc, but we'd consider an alternative that keeps us closer
> to upstream qemu (albeit a later qemu than we build against).

I'm not sure these go into upstream or not but our security team grabbed this 
from Debian [1].

P.S: while i get your attention :) is it possible to push both 3.0.4 and 3.0.5 
CVEish patches into trees, we have 15 pending patch in our package which 
submitted to list and xen-bugzilla long before?

S.ÃaÄlar Onur <caglar@xxxxxxxxxxxxx>

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!

Attachment: signature.asc
Description: This is a digitally signed message part.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.