Re: working for wheezy-security until wheezy-lts starts
On Wed, Mar 16, 2016 at 02:27:15PM +1100, Brian May wrote:
> Guido Günther <firstname.lastname@example.org> writes:>
> > Sid has Xen 4.6 and looking at the CVEs that affect sid the patches
> > don't seem to be applied so the tracker looks correct, there's plenty of
> > work left.
> > Are you going to look at the Wheezy packages?
> Looking now.
> Just looking at CVE-2015-2756 - this appears to be a vulnerability in
> qemu - not xen - and squeeze and wheezy are not affected.
The patches provided with the xsa seem to apply to the embedded qemu
copy of xen 4.1.4 but I did not check if a HVM guest can exploit this.