[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] old (but unfixed in our clones) qemu security issues?

To: "Stefano Stabellini" <stefano.stabellini@xxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Mon, 02 Mar 2015 11:44:10 +0000
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Mon, 02 Mar 2015 11:44:16 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Stefano,

apart from having been curious for a while why we carry a fix for
CVE-2013-4540 in our 4.4.1 based tree, patches for CVE-2014-3615
appeared there too recently. What is the maintenance state of the
stable qemu upstream trees in regard to security fixes? I would kind
of expect that you as the maintainer pick up such fixes (semi-)
automatically. Quite likely some of the upstream issues don't directly
affect our clones, perhaps simply because we don't build the
respective code (at least by default), but I think we should either
document such facts or (unless they impose severe risk) we should
apply them nevertheless.

Thanks, Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] old (but unfixed in our clones) qemu security issues?
  - From: Stefano Stabellini

Prev by Date: Re: [Xen-devel] freemem-slack and large memory environments
Next by Date: Re: [Xen-devel] [PATCH v2] ts-xen-install: Enable debug level logging in libvirt
Previous by thread: Re: [Xen-devel] [PATCH 3/4] usb: Introduce Xen pvUSB backend
Next by thread: Re: [Xen-devel] old (but unfixed in our clones) qemu security issues?
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.