Wei Liu writes ("[PATCH] libxl: update flex output files"):
> Libxl ships output files from flex (libxlu_*_l.{c,h}). We use the flex
> shipped in Debian to generate those files. Debian just patched their
> flex (DSA 3653-1) to fix CVE-2016-6354, which is a buffer overrun bug.
>
> Note that libxl is _NOT_ vulnerable to that CVE. See below for Ian's
> analysis to security@xen.
>
> It would still be nice that we update our shipped flex output files to
> avoid confusion.
Acked-by: Ian Jackson <ian.jack...@eu.citrix.com>
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
