[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] libxl: update flex output files

To: Wei Liu <wei.liu2@xxxxxxxxxx>
From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date: Tue, 30 Aug 2016 13:51:33 +0100
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 30 Aug 2016 12:51:41 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Wei Liu writes ("[PATCH] libxl: update flex output files"):
> Libxl ships output files from flex (libxlu_*_l.{c,h}). We use the flex
> shipped in Debian to generate those files. Debian just patched their
> flex (DSA 3653-1) to fix CVE-2016-6354, which is a buffer overrun bug.
> 
> Note that libxl is _NOT_ vulnerable to that CVE. See below for Ian's
> analysis to security@xen.
> 
> It would still be nice that we update our shipped flex output files to
> avoid confusion.

Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] libxl: update flex output files
  - From: Wei Liu

References:
- [Xen-devel] [PATCH] libxl: update flex output files
  - From: Wei Liu

Prev by Date: Re: [Xen-devel] [PATCH] tools: delete gtraceview and gtracestat
Next by Date: Re: [Xen-devel] [PATCH v2 1/2] tools: remove blktap2 related code and documentation
Previous by thread: [Xen-devel] [PATCH] libxl: update flex output files
Next by thread: Re: [Xen-devel] [PATCH] libxl: update flex output files
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.