[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] old (but unfixed in our clones) qemu security issues?



Stefano,

apart from having been curious for a while why we carry a fix for
CVE-2013-4540 in our 4.4.1 based tree, patches for CVE-2014-3615
appeared there too recently. What is the maintenance state of the
stable qemu upstream trees in regard to security fixes? I would kind
of expect that you as the maintainer pick up such fixes (semi-)
automatically. Quite likely some of the upstream issues don't directly
affect our clones, perhaps simply because we don't build the
respective code (at least by default), but I think we should either
document such facts or (unless they impose severe risk) we should
apply them nevertheless.

Thanks, Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.