From: "S.Çağlar Onur" <caglar@pardus.org.tr>
To: Keir Fraser <keir@xensource.com>
Cc: xen-devel@lists.xensource.com
Subject: Re: [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366
Date: Tue, 1 May 2007 17:15:09 +0300 [thread overview]
Message-ID: <200705011715.09848.caglar@pardus.org.tr> (raw)
In-Reply-To: <C25D02D6.E349%keir@xensource.com>
[-- Attachment #1.1: Type: text/plain, Size: 1113 bytes --]
01 May 2007 Sal tarihinde, Keir Fraser şunları yazmıştı:
> On 1/5/07 14:29, "S.Çağlar Onur" <caglar@pardus.org.tr> wrote:
> > If anybody interested, attached patch (against 3.0.4) fixes
> > CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and
> > CVE-2007-1366 which affects qemu and also seems valid for xen.
>
> Is the patch from upstream qemu? We have our own patches to fix these
> issues in 3.0.5-rc, but we'd consider an alternative that keeps us closer
> to upstream qemu (albeit a later qemu than we build against).
I'm not sure these go into upstream or not but our security team grabbed this
from Debian [1].
P.S: while i get your attention :) is it possible to push both 3.0.4 and 3.0.5
CVEish patches into trees, we have 15 pending patch in our package which
submitted to list and xen-bugzilla long before?
[1]
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1.diff.gz
--
S.Çağlar Onur <caglar@pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/
Linux is like living in a teepee. No Windows, no Gates and an Apache in house!
[-- Attachment #1.2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
[-- Attachment #2: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
next prev parent reply other threads:[~2007-05-01 14:15 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-01 13:29 [PATCH] Fix CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and CVE-2007-1366 S.Çağlar Onur
2007-05-01 13:44 ` Keir Fraser
2007-05-01 14:15 ` S.Çağlar Onur [this message]
2007-05-01 14:44 ` Keir Fraser
2007-05-01 18:56 ` S.Çağlar Onur
2007-05-01 20:12 ` Keir Fraser
2007-05-01 20:46 ` S.Çağlar Onur
2007-05-01 23:04 ` S.Çağlar Onur
2007-05-01 18:14 ` Christian Limpach
2007-05-01 19:21 ` S.Çağlar Onur
2007-09-25 22:45 ` Robert Buchholz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200705011715.09848.caglar@pardus.org.tr \
--to=caglar@pardus.org.tr \
--cc=keir@xensource.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.