[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] old (but unfixed in our clones) qemu security issues?

On Mon, 2 Mar 2015, Jan Beulich wrote:
> >>> On 02.03.15 at 15:05, <stefano.stabellini@xxxxxxxxxxxxx> wrote:
> > I guess I could monitor cve.mitre.org or the QEMU stable tree for
> > commits with "CVE" in the commit message, but there isn't much else I
> > can do.
> 
> Yes, I think the latter is (for the time being) the most promising route.
> Question is how much work it is going to be to find out about past
> ones.

I could look at the matching QEMU stable tree for each of our past
qemu-xen-upstream releases.

Unfortunately it is going to be an error prone process as QEMU stable
trees have shorter maintenance cycles compared to Xen Project. I am
unlikely to find recent CVEs backported to 1.6.x, that is the base for
qemu-xen in Xen 4.4.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.