WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-devel

Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-132

To: Keir Fraser <keir@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366
From: "S.Çağlar Onur" <caglar@xxxxxxxxxxxxx>
Date: Tue, 1 May 2007 17:15:09 +0300
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 01 May 2007 07:13:59 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <C25D02D6.E349%keir@xxxxxxxxxxxxx>
Organization: TÜBİTAK / UEKAE
References: <C25D02D6.E349%keir@xxxxxxxxxxxxx>
Reply-to: caglar@xxxxxxxxxxxxx
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.6
On Tuesday, 01 May 2007, Keir Fraser wrote:
> On 1/5/07 14:29, "S.Çağlar Onur" <caglar@xxxxxxxxxxxxx> wrote:
> > If anybody is interested, the attached patch (against 3.0.4) fixes
> > CVE-2007-1320, CVE-2007-1321, CVE-2007-1322, CVE-2007-1323 and
> > CVE-2007-1366 which affect qemu and also seem valid for xen.
>
> Is the patch from upstream qemu? We have our own patches to fix these
> issues in 3.0.5-rc, but we'd consider an alternative that keeps us closer
> to upstream qemu (albeit a later qemu than we build against).

I'm not sure whether these go into upstream or not, but our security team
grabbed this from Debian [1].

P.S.: while I have your attention :) is it possible to push both 3.0.4 and 3.0.5
CVEish patches into trees? We have 15 pending patches in our package which were
submitted to the list and xen-bugzilla long before.

[1] http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1.diff.gz
-- 
S.Çağlar Onur <caglar@xxxxxxxxxxxxx>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!

Attachment: signature.asc
Description: This is a digitally signed message part.
