Re: [Xen-devel] [PATCH] libxl: update flex output files for DSA 3653-2

2016-09-05 Thread Wei Liu
On Mon, Sep 05, 2016 at 11:24:45AM +0100, Ian Jackson wrote:
> Wei Liu writes ("[PATCH] libxl: update flex output files for DSA 3653-2"):
> > We updated flex output files in 4b314c89 ("libxl: update flex output
> > files") for DSA 3653-1 / CVE-2016-6354. But Debian security team
> > discovered the

Re: [Xen-devel] [PATCH] libxl: update flex output files for DSA 3653-2

2016-09-05 Thread Ian Jackson
Wei Liu writes ("[PATCH] libxl: update flex output files for DSA 3653-2"):
> We updated flex output files in 4b314c89 ("libxl: update flex output
> files") for DSA 3653-1 / CVE-2016-6354. But Debian security team
> discovered the fix to flex was incomplete and issued DSA 3653-2. We need
> to update

[Xen-devel] [PATCH] libxl: update flex output files for DSA 3653-2

2016-09-05 Thread Wei Liu
We updated flex output files in 4b314c89 ("libxl: update flex output files") for DSA 3653-1 / CVE-2016-6354. But Debian security team discovered the fix to flex was incomplete and issued DSA 3653-2. We need to update our flex output files accordingly.

Signed-off-by: Wei Liu
---
Cc: Ian Jackson -

Re: [Xen-devel] [PATCH] libxl: update flex output files

2016-08-30 Thread Wei Liu
On Tue, Aug 30, 2016 at 01:51:33PM +0100, Ian Jackson wrote:
> Wei Liu writes ("[PATCH] libxl: update flex output files"):
> > Libxl ships output files from flex (libxlu_*_l.{c,h}). We use the flex
> > shipped in Debian to generate those files. Debian just patched their
> > flex (DSA 3653-1) to fix

Re: [Xen-devel] [PATCH] libxl: update flex output files

2016-08-30 Thread Ian Jackson
Wei Liu writes ("[PATCH] libxl: update flex output files"):
> Libxl ships output files from flex (libxlu_*_l.{c,h}). We use the flex
> shipped in Debian to generate those files. Debian just patched their
> flex (DSA 3653-1) to fix CVE-2016-6354, which is a buffer overrun bug.
>
> Note that libxl i

[Xen-devel] [PATCH] libxl: update flex output files

2016-08-26 Thread Wei Liu
Libxl ships output files from flex (libxlu_*_l.{c,h}). We use the flex shipped in Debian to generate those files. Debian just patched their flex (DSA 3653-1) to fix CVE-2016-6354, which is a buffer overrun bug.

Note that libxl is _NOT_ vulnerable to that CVE. See below for Ian's analysis to securi