|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Xen security issues
> On 14/04/2013 19:35, AL13N wrote: >> Op zondag 14 april 2013 11:15:03 schreef Ian Campbell: >>> On Sun, 2013-04-14 at 08:05 +0100, AL13N wrote: >>>> I'm the Mageia maintainer and i'm a bit behind on patching CVE-* . >>>> >>>> can anyone help me find out which of these are actually applicable for >>>> 4.1.2? >>> You can find a list of the already public Xen security announcements, >>> with CVE numbers and links to advisories, patches etc at: >>> >>> http://wiki.xen.org/wiki/Security_Announcements >> the problem is not finding the patches :-) >> >> the problem is which in those huge lists are actually applicable to that >> specific version: xen-4.2.1 >> >> or more, which aren't applicable :-). > > > http://wiki.xen.org/wiki/Xen_4.2_Release_Notes > > Xen 4.2 was released on 17 Sept 2012. XSA-19 and earlier where older > than that, so are not applicable. XSA-20 and newer all specifically > refer to xen-4.2-testing and whether it is vulnerable or not. Thanks for the pointers, this will make it a lot easier for me! > Although now I note that you might have transposed 4.1.2. no, luckily i didn't, mga2 has 4.1.2; while mga3 will have 4.2.1. > So the 4.1 release notes puts 4.1.2 on 21 Oct 2011. However, I would > highly recomend moving forwards to 4.1.4 or even newer. 4.1.x is in > maintenance now and is only receiving bugfixes, but being OS software, > there is still a steady stream of bugfixes being backported. i'll keep this in mind for mga2 . atm, my priority is mga3, though. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |