Hi, November 2016 was my third month as a payed Debian LTS contributor.
I was allocated 11 hours. I spent all of them in CVE triage for Xen.
Longer explanation:
It has been reported by Guido Günter that Xen before v4.4.0-1 embeds
a copy of QEMU 0.10.2. Xen has version 4.1.4 in wheezy, so it is
potentially vulnerable to all security issues affecting QEMU in the
last years.
I have written a script to determine which security issues had to be
triaged (roughly 160 security issues involved) and triaged 120 of
them. 45 issues turned out to be affecting Xen in wheezy.
Cheers,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
signature.asc
Description: PGP signature
