[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: [vendor-sec] Re: [oss-security] New Xen ioemu: PVFB backend issue
From:       Robert Buchholz <rbu () gentoo ! org>
Date:       2008-06-24 8:14:47
Message-ID: 200806241014.51258.rbu () gentoo ! org
[Download RAW message or body]


On Monday 23 June 2008, Steven M. Christey wrote:
> On Thu, 19 Jun 2008, Nico Golde wrote:
> > Can you take care about the remaining steps to get this on
> > the mitre site or Steve could you update this? Quite some
> > time passed since this was assigned :)
>
> There was enough in the initial post, I just missed it the first time
> around.
>
> Any idea on affected Xen versions?

It is not part of the latest release 3.2.1, as it was only introduced 
two days prior (May 13) here:
http://xenbits.xensource.com/xen-unstable.hg?rev/53195719f762

As mentioned, fixed here:
http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb

As for the first commit, it does not fall under CVE-2008-1952 -- so I 
assume we need a new CVE, marking CVE-2008-1952 as an improper fix for 
it.


> ======================================================
> Name: CVE-2008-1952
...
> amoount of guest memory.

a-moo-unt ? ;-)


Robert

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]