|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [BUG] Error applying XSA240 update 5 on 4.8 and 4.9 (patch 3 references CONFIG_PV_LINEAR_PT, 3285e75dea89, x86/mm: Make PV linear pagetables optional)
On Friday, 17 November 2017 2:09:09 AM AEDT Ian Jackson wrote:
> George Dunlap writes ("Re: [BUG] Error applying XSA240 update 5 on 4.8 and
4.9 (patch 3 references CONFIG_PV_LINEAR_PT, 3285e75dea89, x86/mm: Make PV
linear pagetables optional)"):
> > These are two different things. Steve's reluctance to backport a
> > potentially arbitrary number of non-security-related patches is
> > completely reasonable.
>
> I think the right thing to do is this:
>
> If the patche(s) in an XSA require commits from staging-N which are
> not contained in previous XSAs, the prerequisite commits should be
> listed in the advisory.
>
> That way someone who is following the XSAs (and by implication does
> not want to take the other stuff from staging-N/stable-N or even our
> point releases) will be able to take the minimum set necessary.
Hi Ian,
I think that would be a great idea. That way, if a non-xsa and non-release
commit is required, at least it is documented as such - therefore correctable.
On a theoretical side though, what would be the chances of opening up other
vulnerabilities like this? I would think somewhat minimal, but worthy of
thought - even in passing...
--
Steven Haigh
📧 netwiz@xxxxxxxxx 💻 http://www.crc.id.au
📞 +61 (3) 9001 6090 📱 0412 935 897Attachment:
signature.asc _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |