[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Qemu CVEs in Xen



Hi,

So far, I have triaged ~120 CVEs. I have used all my assigned hours, so
I won't be able to finish the work this month.

I have marked Xen as affected by 45 'new' CVEs until now. Not all of
them deserve a DLA.

Here are the remaining ones:

CVE-2009-3616
CVE-2010-0297
CVE-2010-0431
CVE-2010-2784
CVE-2011-0011
CVE-2011-1750
CVE-2011-1751
CVE-2011-2212
CVE-2011-2512
CVE-2011-2527
CVE-2011-3346
CVE-2012-2652
CVE-2013-4149
CVE-2013-4150
CVE-2013-4526
CVE-2013-4527
CVE-2013-4529
CVE-2013-4530
CVE-2013-4531
CVE-2013-4534
CVE-2013-4535
CVE-2013-4536
CVE-2013-4539
CVE-2013-4540
CVE-2013-4541
CVE-2014-0142
CVE-2014-0143
CVE-2014-0144
CVE-2014-0145
CVE-2014-0147
CVE-2014-0150
CVE-2014-0182
CVE-2014-3461
CVE-2014-3615
CVE-2014-3689
CVE-2014-7840
CVE-2014-9718
CVE-2015-8556
CVE-2015-4037

Feel free to have a look at them.
Issues before 2009 are not affecting Xen in wheezy:

CVE-2007-1321
CVE-2007-1322
CVE-2007-1366
CVE-2007-5729
CVE-2007-5730
CVE-2007-6227
CVE-2008-1945
CVE-2008-4539
CVE-2008-4553
CVE-2008-5714

Should I mark Xen as unaffected by these issues in the tracker or should
we just ignore them ?

Cheers,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature


Reply to: