[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: working for wheezy-security until wheezy-lts starts

On Wed, Mar 16, 2016 at 02:27:15PM +1100, Brian May wrote:
> Guido Günther <agx@sigxcpu.org> writes:>
> > Sid has Xen 4.6 and looking at the CVEs that affect sid the patches
> > don't seem to be applied so the tracker looks correct, there's plenty of
> > work left.
> >
> > Are you going to look at the Wheezy packages?
> Looking now.
> Just looking at CVE-2015-2756 - this appears to be a vulnerability in
> qemu - not xen - and squeeze and wheezy are not affected.
> https://security-tracker.debian.org/tracker/CVE-2015-2756

The patches provided with the xsa seem to apply to the embedded qemu
copy of xen 4.1.4 but I did not check if a HVM guest can exploit this.

 -- Guido

Reply to: