|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366
01 May 2007 Sal tarihinde, Keir Fraser ÅunlarÄ yazmÄÅtÄ: > On 1/5/07 14:29, "S.ÃaÄlar Onur" <caglar@xxxxxxxxxxxxx> wrote: > > If anybody interested, attached patch (against 3.0.4) fixes > > CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and > > CVE-2007-1366 which affects qemu and also seems valid for xen. > > Is the patch from upstream qemu? We have our own patches to fix these > issues in 3.0.5-rc, but we'd consider an alternative that keeps us closer > to upstream qemu (albeit a later qemu than we build against). I'm not sure these go into upstream or not but our security team grabbed this from Debian [1]. P.S: while i get your attention :) is it possible to push both 3.0.4 and 3.0.5 CVEish patches into trees, we have 15 pending patch in our package which submitted to list and xen-bugzilla long before? [1] http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1.diff.gz -- S.ÃaÄlar Onur <caglar@xxxxxxxxxxxxx> http://cekirdek.pardus.org.tr/~caglar/ Linux is like living in a teepee. No Windows, no Gates and an Apache in house! Attachment:
signature.asc _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |