From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ian Campbell <ian.campbell@citrix.com>
Subject: Re: DRAFT XSA 142 - libxl fails to honour readonly flag
 on disks with qemu-xen
Date: Mon, 21 Sep 2015 12:58:56 +0100
Message-ID: <1442836736.10338.64.camel@citrix.com>
References: <E1Zbt06-0000AQ-GP@xenbits.xen.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <prvs=699e7550d=Ian.Campbell@citrix.com>)
	id 1ZdzkV-0003zl-9o
	for xen-devel@lists.xenproject.org; Mon, 21 Sep 2015 11:59:11 +0000
In-Reply-To: <E1Zbt06-0000AQ-GP@xenbits.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: "Xen.org security team" <security@xen.org>, stefano.stabellini@eu.citrix.com, wei.liu2@citrix.com, m.a.young@durham.ac.uk, xen-devel@lists.xenproject.org
List-Id: xen-devel@lists.xenproject.org

On Tue, 2015-09-15 at 16:22 +0000, Xen.org security team wrote:

> VULNERABLE SYSTEMS
> ==================
> 
[...]
> Only systems using libxl or libxl-based toolstacks are vulnerable.
> (This includes libvirt with the libxl driver.)

                ^xl and ... ?

> 
> All versions of libxl which support qemu-xen are vulnerable.  Support
> for qemu-xen was introduced in Xen 4.1.

http://wiki.xenproject.org/wiki/Xen_Project_Release_Features says 4.2 as
preview and 4.3 properly. Which is wrong?

Apart from those minor nits this looks good to me, although I confess I've
not fully been following the discussion.

Ian.