[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen 3.4.4 security fixes

To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
Date: Mon, 27 Feb 2012 12:26:52 +0000
Cc: "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Mon, 27 Feb 2012 12:27:16 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>


On 27/02/2012 12:08, Ian Campbell wrote:

On Mon, 2012-02-27 at 12:00 +0000, Jonathan Tripathy wrote:

" Security enhancements including CVE-2011-1583"

However, the aforementioned CVE seems to only apply to other versions
of Xen (3.4.x is missing in the list of venerable software)

While I'm obviously happy that the latest release is free of this bug,
can someone please shed some light on how this bug was fixed in 3.4.4,
when it wasn't supposed to be present in the first place in 3.4.3?

Given that 3.3 and 4.0 were vulnerable I think this is simply a case of
3.4 being accidentally omitted from the list.

Ian.

Thanks for the reply, Ian.

Any ideas on what other security issues were fixed?

Thanks

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] Xen 3.4.4 security fixes
  - From: Jonathan Tripathy
- Re: [Xen-devel] Xen 3.4.4 security fixes
  - From: Ian Campbell

Prev by Date: [Xen-devel] [PATCH 3/3] build: check if libm is needed in configure
Next by Date: Re: [Xen-devel] [PATCH DOCDAY] hcall: markup the event channel hypercalls to improve generated docs
Previous by thread: Re: [Xen-devel] Xen 3.4.4 security fixes
Next by thread: [Xen-devel] [PATCH DOCDAY] hcall: markup the event channel hypercalls to improve generated docs
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.