oss-security - CVE Request -- Xen (Upstream patch for CVE-2008-4405 is incomplete)

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-Id: <1229680780.19341.7.camel@iankko.englab.brq.redhat.com>
Date: Fri, 19 Dec 2008 10:59:40 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...re.org>
Cc: oss-security@...ts.openwall.com
Subject: CVE Request -- Xen (Upstream patch for CVE-2008-4405 is incomplete)

Hello Steve,

  originally CVE id of CVE-2008-4405 has been assigned to
the following Xen backend issue:

Original references:
http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html
http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html
(place where was pointed out, this is a security problem -^).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4405

Original patch:
http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70

The problem:

Daniel P.Berrange has discovered, this original patch is incomplete
to fix this issue. More details here:

http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html

Credit goes to: Daniel P.Berrange 

Steve, could you please allocate a new CVE id for this revised
fix?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.