Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <200806241014.51258.rbu@gentoo.org>
Date: Tue, 24 Jun 2008 10:14:47 +0200
From: Robert Buchholz <rbu@...too.org>
To: vendor-sec@....de
Cc: "Steven M. Christey" <coley@...us.mitre.org>,
 oss-security@...ts.openwall.com
Subject: Re: [vendor-sec] Re: New Xen ioemu: PVFB backend issue

On Monday 23 June 2008, Steven M. Christey wrote:
> On Thu, 19 Jun 2008, Nico Golde wrote:
> > Can you take care about the remaining steps to get this on
> > the mitre site or Steve could you update this? Quite some
> > time passed since this was assigned :)
>
> There was enough in the initial post, I just missed it the first time
> around.
>
> Any idea on affected Xen versions?

It is not part of the latest release 3.2.1, as it was only introduced 
two days prior (May 13) here:
http://xenbits.xensource.com/xen-unstable.hg?rev/53195719f762

As mentioned, fixed here:
http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb

As for the first commit, it does not fall under CVE-2008-1952 -- so I 
assume we need a new CVE, marking CVE-2008-1952 as an improper fix for 
it.


> ======================================================
> Name: CVE-2008-1952
...
> amoount of guest memory.

a-moo-unt ? ;-)


Robert

Download attachment "signature.asc " of type "application/pgp-signature" (836 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.