Re: Qemu CVEs in Xen



Hi Guido,

> While looking at recent Qemu CVEs I noticed that Xen's embedded qemu
> does not show up on the list of affected packages for QEMU CVEs anymore
> so I added:
> 
>     - xen 4.4.0-1
>     NOTE: Xen switched to qemu-system in 4.4.0-1
> 
> to these entries. This shows wheezy as affected so we can triage them
> (wheezy being the only release left with an embedded qemu).
> 
> IMHO we need to go back through the other entries and do the same and
> then triage them as usual or did I miss something related to Xen's
> embedded QEMU?

I agree. I've just had a look at the embedded version of QEMU (which is,
by the way, very old now (0.10.2)), and it seems to be vulnerable to
several security issues already fixed in qemu and qemu-kvm...

I wasn't aware that Xen was embedding QEMU (what a weird idea!?).

Cheers,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E
