[Xen-users] DR7 and CR4

["Dylan Martin" <dmartin@xxxxxxxxxxxx>]

Hi, I'm trying to verify that the Xen I'm running is patched against
the all the known published bugs.  I'm running Fedora 7, which means
I'm running Xen 3.1.2.  I've checked the changelog in the Fedora
package, and I can verify that all the bugs I've found are fixed
except for one.

http://www.securityfocus.com/bid/27219
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5907

The securityfocus page lists 3.1.2 as vulnerable, but that doesn't
seem right.  The patch was submitted to xen in Oct 2007, and 3.1.2
came out in Nov 2007, so the patch should be in 3.1.2.  Also, the nist
pages don't list 3.1.2 as vulnerable.  I've poked around on the
xenbits changelog, but I can't find a big obvious "fixed
CVE-2007-5906" entry.

Can anyone clarify?  Either if 3.1.2 is indeed patched against this
bug, or if the Fedora 7 xen-3.1.2-1.fc7 is patched?

Thanks!
-Dylan

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users