[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Qemu CVEs in Xen

Hi Raphaël,

> how far are you with the triaging?

I have triaged ~110 of the 160 CVEs (and have used all my assigned
hours for this task).

I'll continue to work on it during the week-end and will publish a
list containing the remaining to-be-triaged CVEs, so other contributors
can continue the work.

By the way, I have only determined whether Xen was affected, not whether
CVEs deserved a DLA. Some of the CVEs revealed by this triage work
should probably be tagged no-dsa. For instance, no-dsa issues in
QEMU should probably be tagged no-dsa in Xen, too.

> What's the status? I think we should ask credativ to start looking into
> the already identified CVE, no?

I think Guido intended to do it.


             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature

Reply to: