Re: Qemu CVEs in Xen

To: Raphael Hertzog <hertzog@debian.org>, Guido Günther <agx@sigxcpu.org>, debian-lts@lists.debian.org
Subject: Re: Qemu CVEs in Xen
From: Hugo Lefeuvre <hle@debian.org>
Date: Sat, 26 Nov 2016 00:46:05 +0100
Message-id: <[🔎] 20161125234605.6wcrhtd5glraormf@hle.local>
In-reply-to: <[🔎] 20161125091953.3kvk7ltg2esz7jdj@home.ouaza.com>
References: <20161030113043.drkvg6tpheg3wkyw@bogon.m.sigxcpu.org> <20161030121457.kvndk24mvsbbafpj@hle.local> <[🔎] 20161104082135.7mbwnzzswxcbahfo@bogon.m.sigxcpu.org> <[🔎] 20161125091953.3kvk7ltg2esz7jdj@home.ouaza.com>

Hi Raphaël,

> how far are you with the triaging?

I have triaged ~110 of the 160 CVEs (and have used all my assigned
hours for this task).

I'll continue to work on it during the week-end and will publish a
list containing the remaining to-be-triaged CVEs, so other contributors
can continue the work.

By the way, I have only determined whether Xen was affected, not whether
CVEs deserved a DLA. Some of the CVEs revealed by this triage work
should probably be tagged no-dsa. For instance, no-dsa issues in
QEMU should probably be tagged no-dsa in Xen, too.

> What's the status? I think we should ask credativ to start looking into
> the already identified CVE, no?

I think Guido intended to do it.

Cheers,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Qemu CVEs in Xen
  - From: Hugo Lefeuvre <hle@debian.org>

References:
- Re: Qemu CVEs in Xen
  - From: Guido Günther <agx@sigxcpu.org>
- Re: Qemu CVEs in Xen
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: Re: Wheezy update of irssi?
Next by Date: Re: monit / CVE-2016-7067
Previous by thread: Re: Qemu CVEs in Xen
Next by thread: Re: Qemu CVEs in Xen
Index(es):
- Date
- Thread