Re: [Publicity] URGENT: Venom flaw re: VirtualBox

[Lars Kurth <lars.kurth.xen@xxxxxxxxx>]

Zack,

Sarah received the mail yesterday and consequently we consulted the security team. Here is the response.

The Xen Project Security team cannot discuss _any_ details of what people have told us under embargo except:

- when coopting technical assistance;
- when an XSA is predisclosed (and then only to the list members of the Xen Project Pre-Disclosure List - see URL below); and
- when an XSA has been released.

That extends to not discussing what we _haven't_ been told as well. The only information we make public is the assignment of numbers.
You can see from http://xenbits.xen.org/xsa/ that XSA-133 will be released today at 12:00 UTC, with details of an unspecified vulnerability.

You can find more information about the Xen Project's Security Vulnerability Process at http://www.xenproject.org/security-policy.html

Best Regards

Lars

On 12 May 2015, at 19:50, Zack Whittaker <zack@xxxxxxxxxxxxxxxxxxx> wrote:

Hi -- 

Hoping this email reaches Sarah Conway.

I spoke to CrowdStrike earlier today about the Venom flaw that was found in QEMU, which was integrated with Xen.

Would you be the best person to shoot questions to, or would you know of a press person to speak to?

Looking forward to hearing from you.

Best,

Zack 

--

Zack Whittaker

Writer-editor: ZDNet | CNET | CBS News

28 E. 28th St., New York, NY 10016

+1 646 424-4382 (office)

+1 929 444-6805 (cell)

@zackwhittaker | PGP: EB6CEEA5

_______________________________________________
Publicity mailing list
Publicity@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity

_______________________________________________
Publicity mailing list
Publicity@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity