Hi Raphaël, > how far are you with the triaging? I have triaged ~110 of the 160 CVEs (and have used all my assigned hours for this task). I'll continue to work on it during the week-end and will publish a list containing the remaining to-be-triaged CVEs, so other contributors can continue the work. By the way, I have only determined whether Xen was affected, not whether CVEs deserved a DLA. Some of the CVEs revealed by this triage work should probably be tagged no-dsa. For instance, no-dsa issues in QEMU should probably be tagged no-dsa in Xen, too. > What's the status? I think we should ask credativ to start looking into > the already identified CVE, no? I think Guido intended to do it. Cheers, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
Attachment:
signature.asc
Description: PGP signature