[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] CVE-2011-1166

To: Keith Coleman <keith.coleman@xxxxxxxxxxxxx>
From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date: Wed, 29 Feb 2012 14:49:20 +0000
Cc: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Wed, 29 Feb 2012 14:49:40 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Jonathan Tripathy writes ("[Xen-devel] CVE-2011-1166"):
> I'm currently looking at CVE-2011-1166:
> 
> http://securitytracker.com/id/1025226
> 
> Am I correct in saying that this issue is fixed in the latest stable 4.x 
> branch, but not in the 3.4.4 release? I see the fix here:
> 
> http://xenbits.xen.org/hg/staging/xen-unstable.hg/rev/c79aae866ad8
> 
> however I do not see the same fix applied in 3.4.4:
> 
> http://xenbits.xen.org/hg/xen-3.4-testing.hg/file/ac68ad6fe4b7/xen/arch/x86/domain.c#l716
> 
> Shouldn't this be fixed?

Probably.  I haven't checked whether 3.4 is vulnerable.  This is a
question for the 3.4 stable tree maintainer, Keith Coleman.  Keith ?

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] CVE-2011-1166
  - From: Jonathan Tripathy

Prev by Date: Re: [Xen-devel] configure failure
Next by Date: Re: [Xen-devel] [PATCH] configure: do not require Bison
Previous by thread: [Xen-devel] CVE-2011-1166
Next by thread: [Xen-devel] Invitation to connect on LinkedIn
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.