From mboxrd@z Thu Jan  1 00:00:00 1970
From: "=?utf-8?q?S=2E=C3=87a=C4=9Flar?= Onur" <caglar@pardus.org.tr>
Subject: Re: [PATCH] Fix CVE-2007-1320, CVE-2007-1321 ,
	CVE-2007-1322, CVE-2007-1323 and  CVE-2007-1366
Date: Tue, 1 May 2007 17:15:09 +0300
Message-ID: <200705011715.09848.caglar@pardus.org.tr>
References: <C25D02D6.E349%keir@xensource.com>
Reply-To: caglar@pardus.org.tr
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1284681527=="
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <C25D02D6.E349%keir@xensource.com>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Mime-version: 1.0
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Keir Fraser <keir@xensource.com>
Cc: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

--===============1284681527==
Content-Type: multipart/signed; boundary="nextPart2041925.FJLvyVDRQj";
	protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit

--nextPart2041925.FJLvyVDRQj
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

01 May 2007 Sal tarihinde, Keir Fraser =C5=9Funlar=C4=B1 yazm=C4=B1=C5=9Ft=
=C4=B1:=20
> On 1/5/07 14:29, "S.=C3=87a=C4=9Flar Onur" <caglar@pardus.org.tr> wrote:
> > If anybody interested, attached patch (against 3.0.4) fixes
> > CVE-2007-1320, CVE-2007-1321 , CVE-2007-1322, CVE-2007-1323 and
> > CVE-2007-1366 which affects qemu and also seems valid for xen.
>
> Is the patch from upstream qemu? We have our own patches to fix these
> issues in 3.0.5-rc, but we'd consider an alternative that keeps us closer
> to upstream qemu (albeit a later qemu than we build against).

I'm not sure these go into upstream or not but our security team grabbed th=
is=20
from Debian [1].

P.S: while i get your attention :) is it possible to push both 3.0.4 and 3.=
0.5=20
CVEish patches into trees, we have 15 pending patch in our package which=20
submitted to list and xen-bugzilla long before?

[1]=20
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1.diff.=
gz
=2D-=20
S.=C3=87a=C4=9Flar Onur <caglar@pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/

Linux is like living in a teepee. No Windows, no Gates and an Apache in hou=
se!

--nextPart2041925.FJLvyVDRQj
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.3 (GNU/Linux)

iD8DBQBGN0tty7E6i0LKo6YRApG7AJ40+Ri9xga7XHEC+QA46rQQ4MR6RwCfcVtK
DqMByHu0ujSN24eArZ0f3CQ=
=S3bG
-----END PGP SIGNATURE-----

--nextPart2041925.FJLvyVDRQj--


--===============1284681527==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

--===============1284681527==--