Re: CVE triage for Xen

To: Hugo Lefeuvre <hle@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: CVE triage for Xen
From: Guido Günther <agx@sigxcpu.org>
Date: Wed, 4 Jan 2017 18:38:47 +0100
Message-id: <[🔎] 20170104173847.kshj6wi6kuib76jk@bogon.m.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, Hugo Lefeuvre <hle@debian.org>, debian-lts@lists.debian.org
In-reply-to: <[🔎] 20170104091243.xwvpapch2lywlmxa@hle.local>
References: <20161227230348.tyqskyd473h63m7t@hle.local> <20161228163433.idun3muew5jalfey@bogon.m.sigxcpu.org> <[🔎] 20170104091243.xwvpapch2lywlmxa@hle.local>

Hi Hugo,
On Wed, Jan 04, 2017 at 10:12:44AM +0100, Hugo Lefeuvre wrote:
> Hi Guido,
> 
> > See https://wiki.xenproject.org/wiki/QEMU_Upstream . It's only used for
> > device emulation so bugs in e.g. TCG or KVM are not affecting XEN. Also
> > all devices not available on i386 / amd64 can be ignored. That should
> > already cut down the list considerably.
> 
> Thanks for the advice. So, I can safely ignore all virtIO, qcow & ui issues ?

Looking at the above URL virtio is only supported from 4.2
onwards. QCOW2 is supported as image format in Wheezy's XEN IMHO but you
can ignore all CVEs in QEMU related tools like qemu-img.

I also think UI issues can be ignored.

Cheers,
 -- Guido

> 
> Cheers,
>  Hugo
> 
> -- 
>              Hugo Lefeuvre (hle)    |    www.owl.eu.com
> 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Reply to:

References:
- Re: CVE triage for Xen
  - From: Hugo Lefeuvre <hle@debian.org>

Prev by Date: Wheezy update of pcsc-lite?
Next by Date: Re: Wheezy update of rabbitmq-server?
Previous by thread: Re: CVE triage for Xen
Next by thread: ipv6 routing memory leak
Index(es):
- Date
- Thread