[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] [RESEARCH] Security patch delivery delay

To: xen-users@xxxxxxxxxxxxx
From: Stefan GeiÃler <info@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 14 Sep 2015 11:06:21 +0200
Delivery-date: Mon, 14 Sep 2015 09:06:43 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

Hello xen-users,

I am currently analyzing the delay between vulnerability disclosure (CVErelease) and the release of a corresponding patch.

First, i noticed that some vulnerabilities are patched before the CVEwas assigned. How is that possible? Was the vulnerability "accitendally"fixed? (Example: According to NVD CVE-2011-2519 was fixed on 2008-02-05)

Second, does someone know why some vulnerabilities get a fix on CVErelease day while some only recieve a fix after weeks or even month?(Maximum delay I observed is 241 days)


Regards,
Stefan

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

Follow-Ups:
- Re: [Xen-users] [RESEARCH] Security patch delivery delay
  - From: Ian Campbell

Prev by Date: Re: [Xen-users] Xen bridging issue
Next by Date: [Xen-users] XEN 4.4 Freezes after long period of inactivity
Previous by thread: [Xen-users] Acquire memory image of domU over network
Next by thread: Re: [Xen-users] [RESEARCH] Security patch delivery delay
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.