[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Publicity] URGENT: Venom flaw re: VirtualBox



Zack,

Sarah received the mail yesterday and consequently we consulted the security team. Here is the response.

The Xen Project Security team cannot discuss _any_ details of what people have told us under embargo except:
- when coopting technical assistance;
- when an XSA is predisclosed (and then only to the list members of the Xen Project Pre-Disclosure List - see URL below); and
- when an XSA has been released.

That extends to not discussing what we _haven't_ been told as well. The only information we make public is the assignment of numbers.
You can see from http://xenbits.xen.org/xsa/ that XSA-133 will be released today at 12:00 UTC, with details of an unspecified vulnerability.

You can find more information about the Xen Project's Security Vulnerability Process at http://www.xenproject.org/security-policy.html

Best Regards
Lars

On 12 May 2015, at 19:50, Zack Whittaker <zack@xxxxxxxxxxxxxxxxxxx> wrote:

Hi -- 

Hoping this email reaches Sarah Conway.

I spoke to CrowdStrike earlier today about the Venom flaw that was found in QEMU, which was integrated with Xen.

Would you be the best person to shoot questions to, or would you know of a press person to speak to?

Looking forward to hearing from you.

Best,
Zack 

--
Zack Whittaker
Writer-editor: ZDNet | CNET | CBS News
28 E. 28th St., New York, NY 10016
+1 646 424-4382 (office)
+1 929 444-6805 (cell)
_______________________________________________
Publicity mailing list
Publicity@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity

_______________________________________________
Publicity mailing list
Publicity@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.