|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Xen security issues
On 14/04/2013 19:35, AL13N wrote: > Op zondag 14 april 2013 11:15:03 schreef Ian Campbell: >> On Sun, 2013-04-14 at 08:05 +0100, AL13N wrote: >>> I'm the Mageia maintainer and i'm a bit behind on patching CVE-* . >>> >>> can anyone help me find out which of these are actually applicable for >>> 4.1.2? >> You can find a list of the already public Xen security announcements, >> with CVE numbers and links to advisories, patches etc at: >> >> http://wiki.xen.org/wiki/Security_Announcements > the problem is not finding the patches :-) > > the problem is which in those huge lists are actually applicable to that > specific version: xen-4.2.1 > > or more, which aren't applicable :-). http://wiki.xen.org/wiki/Xen_4.2_Release_Notes Xen 4.2 was released on 17 Sept 2012. XSA-19 and earlier where older than that, so are not applicable. XSA-20 and newer all specifically refer to xen-4.2-testing and whether it is vulnerable or not. Although now I note that you might have transposed 4.1.2. So the 4.1 release notes puts 4.1.2 on 21 Oct 2011. However, I would highly recomend moving forwards to 4.1.4 or even newer. 4.1.x is in maintenance now and is only receiving bugfixes, but being OS software, there is still a steady stream of bugfixes being backported. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |