From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Jan Beulich <jbeulich@suse.com>
Cc: cve@kernel.org, linux-kernel@vger.kernel.org,
"security@xenproject.org" <security@xenproject.org>,
Juergen Gross <jgross@suse.com>
Subject: Re: CVE-2021-47573: xen/blkfront: harden blkfront against event channel storms
Date: Thu, 20 Jun 2024 11:41:41 +0200 [thread overview]
Message-ID: <2024062001-jab-eliminate-5198@gregkh> (raw)
In-Reply-To: <92819ebe-8895-4c61-825d-4bd56aac38ad@suse.com>
On Thu, Jun 20, 2024 at 11:32:49AM +0200, Jan Beulich wrote:
> On 20.06.2024 11:20, Greg Kroah-Hartman wrote:
> > On Thu, Jun 20, 2024 at 10:46:10AM +0200, Jan Beulich wrote:
> >> On 20.06.2024 10:18, Greg Kroah-Hartman wrote:
> >>> Also, the XSA-391 announcement doesn't say anything about them either,
> >>> is that intentional?
> >>
> >> If by announcement you mean the email sent out to xen-security-issues@lists.xen.org,
> >> then the copy I'm looking at (v3, the only one having gone public afaict) clearly
> >> lists the three CVEs.
> >
> > I'm looking at:
> > https://xenbits.xen.org/xsa/advisory-391.html
> > and I don't see a git id anywhere, where do you see the v3 announcement
> > saying that?
>
> Hmm, okay, I then misunderstood your earlier reply: I was assuming you
> were looking for the CVE numbers associated with the XSA, as I thought
> that's what you need to know when deciding whether to issue one
> yourself. No, we didn't ever mention commit IDs anywhere, except when
> issuing XSAs after-the-fact (i.e. changes already having gone in earlier
> on). I guess we need to see whether that's feasible to do for Linux XSAs
> going forward. Yet then it may not be needed there, as we'd now ask you
> for CVE numbers in such cases anyway?
Yes, going forward it's not going to matter, I was just trying to verify
that when I assign ids for older stuff like this that I'm not messing up
in an obvious way :)
thanks,
greg k-h
prev parent reply other threads:[~2024-06-20 9:41 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <2024061911-CVE-2021-47573-5c43@gregkh>
2024-06-20 7:53 ` CVE-2021-47573: xen/blkfront: harden blkfront against event channel storms Juergen Gross
2024-06-20 8:18 ` Greg Kroah-Hartman
2024-06-20 8:46 ` Jan Beulich
2024-06-20 9:20 ` Greg Kroah-Hartman
2024-06-20 9:32 ` Jan Beulich
2024-06-20 9:41 ` Greg Kroah-Hartman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024062001-jab-eliminate-5198@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=cve@kernel.org \
--cc=jbeulich@suse.com \
--cc=jgross@suse.com \
--cc=linux-kernel@vger.kernel.org \
--cc=security@xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox