From mboxrd@z Thu Jan  1 00:00:00 1970
From: AL13N <alien@rmail.be>
Subject: Re: Xen security issues
Date: Sun, 14 Apr 2013 20:35:29 +0200
Message-ID: <8568660.6LpFT92G3A@localhost>
References: <25803516.LYmxQrITfk@localhost>
	<1365934503.16851.10.camel@dagon.hellion.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <1365934503.16851.10.camel@dagon.hellion.org.uk>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: xen-devel@lists.xen.org
Cc: Ian Campbell <Ian.Campbell@citrix.com>
List-Id: xen-devel@lists.xenproject.org

Op zondag 14 april 2013 11:15:03 schreef Ian Campbell:
> On Sun, 2013-04-14 at 08:05 +0100, AL13N wrote:
> > I'm the Mageia maintainer and i'm a bit behind on patching CVE-* .
> > 
> > can anyone help me find out which of these are actually applicable for
> > 4.1.2?
> You can find a list of the already public Xen security announcements,
> with CVE numbers and links to advisories, patches etc at:
> 
> http://wiki.xen.org/wiki/Security_Announcements

the problem is not finding the patches :-)

the problem is which in those huge lists are actually applicable to that 
specific version: xen-4.2.1

or more, which aren't applicable :-).

> You should also consider asking to be on the vulnerability predisclosure
> list as described at:
> 
> http://www.xen.org/projects/security_vulnerability_process.html
> 
> Ian.

good idea...