reopen 688125
retitle 688125 CVE-2012-2625 / CVE-2012-4544
thanks

On Sun, Oct 07, 2012 at 06:07:31PM +0200, Bastian Blank wrote:
> On Fri, Sep 21, 2012 at 02:23:13PM +0200, Bastian Blank wrote:
> > The referenced bug marked with CVE-2012-2625 speaks about the pv loader
> > for bzip2 and lzma kernels. This loader is implemented in libxenctrl and
> > the hypervisor for dom0. I see no mitigation in this code against large
> > decompressed files. Plus there is an integer overflow.
> > 
> > 60f09d1ab1fe fixes reading too large files from guest filesystems using
> > pygrub.
> 
> I received no further information. Please reopen _after_ you figured
> out, which one this is and this information got published in the CVE
> list.

Please see http://lists.xen.org/archives/html/xen-devel/2012-10/msg02015.html
for clarification

Cheers,
        Moritz


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to