On Mon, Dec 26, 2016 at 08:04:29PM +0100, Hugo Lefeuvre wrote:
> Hi Moritz,
>
> > That doesn't make sense. Only a very small subset of the qemu copy
> > is security-relevant in Xen and if that happens they've usually
> > published an XSA advisory for it.
>
> XSA advisories are published for stabl
Hi Moritz,
> That doesn't make sense. Only a very small subset of the qemu copy
> is security-relevant in Xen and if that happens they've usually
> published an XSA advisory for it.
XSA advisories are published for stable versions, which is not the
case of the version in wheezy. So, IMO it makes
On Tue, Nov 29, 2016 at 10:18:51AM +0100, Hugo Lefeuvre wrote:
> Hi,
>
> So far, I have triaged ~120 CVEs. I have used all my assigned hours, so
> I won't be able to finish the work this month.
>
> I have marked Xen as affected by 45 'new' CVEs until now. Not all of
> them deserve a DLA.
That do
On 29/11/16 10:18, Hugo Lefeuvre wrote:
> Hi,
>
> So far, I have triaged ~120 CVEs. I have used all my assigned hours, so
> I won't be able to finish the work this month.
>
> I have marked Xen as affected by 45 'new' CVEs until now. Not all of
> them deserve a DLA.
>
> Here are the remaining one
Hi,
So far, I have triaged ~120 CVEs. I have used all my assigned hours, so
I won't be able to finish the work this month.
I have marked Xen as affected by 45 'new' CVEs until now. Not all of
them deserve a DLA.
Here are the remaining ones:
CVE-2009-3616
CVE-2010-0297
CVE-2010-0431
CVE-2010-278
Hi Raphaël,
> how far are you with the triaging?
I have triaged ~110 of the 160 CVEs (and have used all my assigned
hours for this task).
I'll continue to work on it during the week-end and will publish a
list containing the remaining to-be-triaged CVEs, so other contributors
can continue the wo
Hi Hugo,
how far are you with the triaging?
On Fri, 04 Nov 2016, Guido Günther wrote:
> > I wasn't aware that Xen was embedding QEMU (what a weird idea !?).
>
> I triaged the current ones (thankfully we don't have 9pfs in that
> version) up to CVE-2016-8669 and will check with the xen guys on ho
Hi Hugo,
On Sun, Oct 30, 2016 at 01:14:57PM +0100, Hugo Lefeuvre wrote:
> Hi Guido,
>
> > While looking at recent Qemu CVEs I noticed that Xen's embedded qemu
> > does not show up on the list of affected packages for QEMU CVEs anymore
> > so I added:
> >
> > - xen 4.4.0-1
> > NOTE: Xen sw
Hi Guido,
> While looking at recent Qemu CVEs I noticed that Xen's embedded qemu
> does not show up on the list of affected packages for QEMU CVEs anymore
> so I added:
>
> - xen 4.4.0-1
> NOTE: Xen switched to qemu-system in 4.4.0-1
>
> to these entries. This shows wheezy as affected so
Hi,
While looking at recent Qemu CVEs I noticed that Xen's embedded qemu
does not show up on the list of affected packages for QEMU CVEs anymore
so I added:
- xen 4.4.0-1
NOTE: Xen switched to qemu-system in 4.4.0-1
to these entries. This shows wheezy as affected so we can triage them
(wh