Hi,

Last month I went through most of the CVEs affecting qemu in the past years and investigated whether they were likely to affect the wheezy version of Xen. For that I have considered that any vulnerability affecting the embedded version of Qemu was also affecting Xen, which is, according to Moritz, not true.

Thus, I'd like to go through the CVEs I marked as affecting Xen in wheezy and test whether they are really affecting Xen. However, I do not know Xen very well and I will surely not be very efficient. Moreover, I fear that this is not a very good way of spending my assigned time.

So here is my question: How should we handle this mass of potential vulnerabilities in Xen? Should we take time to test these (mostly minor) potential issues?

Guido: As far as I remember, you wanted to speak about it with Creadiv. Did you do it? Any reply or advice from them?

If needed, I can also take time to work on it outside of my assigned time. In this case however, I'm not sure I'll be able to do it in a timely manner.

Cheers,
Hugo

--
Hugo Lefeuvre (hle) | www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E