Re: CVE triage for Xen
On Wed, Jan 04, 2017 at 10:12:44AM +0100, Hugo Lefeuvre wrote:
> Hi Guido,
> > See https://wiki.xenproject.org/wiki/QEMU_Upstream . It's only used for
> > device emulation so bugs in e.g. TCG or KVM are not affecting XEN. Also
> > all devices not available on i386 / amd64 can be ignored. That should
> > already cut down the list considerably.
> Thanks for the advice. So, I can safely ignore all virtIO, qcow & ui issues ?
Looking at the above URL virtio is only supported from 4.2
onwards. QCOW2 is supported as image format in Wheezy's XEN IMHO but you
can ignore all CVEs in QEMU related tools like qemu-img.
I also think UI issues can be ignored.
> Hugo Lefeuvre (hle) | www.owl.eu.com
> 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E