From mboxrd@z Thu Jan  1 00:00:00 1970
From: Wei Liu <wei.liu2@citrix.com>
Subject: Re: Xen Security Advisory 180 (CVE-2014-3672) -
 Unrestricted qemu logging
Date: Wed, 25 May 2016 16:43:36 +0100
Message-ID: <20160525154336.GS22076@citrix.com>
References: <E1b4tME-0003x1-2c@xenbits.xenproject.org>
 <CAFLBxZb766cT2ZnQEDeT3hGEs-6D-aVQ67L7tKo90-nhhzcJ-g@mail.gmail.com>
 <20160525145123.GC18213@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xen.org>
Content-Disposition: inline
In-Reply-To: <20160525145123.GC18213@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: George Dunlap <george.dunlap@citrix.com>
Cc: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>, Wei Liu <wei.liu2@citrix.com>, "Xen.org security team" <security@xen.org>
List-Id: xen-devel@lists.xenproject.org

T24gV2VkLCBNYXkgMjUsIDIwMTYgYXQgMDM6NTE6MjNQTSArMDEwMCwgV2VpIExpdSB3cm90ZToK
PiBPbiBXZWQsIE1heSAyNSwgMjAxNiBhdCAwMzowNDo0MFBNICswMTAwLCBHZW9yZ2UgRHVubGFw
IHdyb3RlOgo+ID4gT24gTW9uLCBNYXkgMjMsIDIwMTYgYXQgNjowOSBQTSwgWGVuLm9yZyBzZWN1
cml0eSB0ZWFtIDxzZWN1cml0eUB4ZW4ub3JnPiB3cm90ZToKPiA+ID4gUkVTT0xVVElPTgo+ID4g
PiA9PT09PT09PT09Cj4gPiA+Cj4gPiA+IEFwcGx5aW5nIHRoZSBhcHByb3ByaWF0ZSBhdHRhY2hl
ZCBwYXRjaCByZXNvbHZlcyB0aGlzIGlzc3VlLgo+ID4gPgo+ID4gPiBUaGUgcGF0Y2hlcyBhZG9w
dCBhIHNpbXBsZSBhbmQgcmF0aGVyIGNydWRlIGFwcHJvYWNoIHdoaWNoIGlzCj4gPiA+IGVmZmVj
dGl2ZSBhdCByZXNvbHZpbmcgdGhlIHNlY3VyaXR5IGlzc3VlIGluIHRoZSBjb250ZXh0IG9mIGEg
WGVuCj4gPiA+IGRldmljZSBtb2RlbC4gIFRoZXkgbWF5IG5vdCBiZSBhcHByb3ByaWF0ZSBmb3Ig
YWRvcHRpb24gdXBzdHJlYW0gb3IgaW4KPiA+ID4gb3RoZXIgY29udGV4dHMuCj4gPiAKPiA+IFRo
aXMgaXMgaW5kZWVkIGEgcmF0aGVyIGNydWRlIGFwcHJvYWNoOyBidXQgZm9yIG91ciB1cGNvbWlu
ZyA0LjcKPiA+IHJlbGVhc2UsIHdoYXQncyB0aGUgcGxhbj8gIERvIHdlIGhhdmUgdGltZSB0byBn
ZW5lcmFsaXplIHhlbmNvbnNvbGVkCj4gPiB0byBoYW5kbGUgdGhpcyBzb3J0IG9mIGxvZ2dpbmcs
IGFuZCBpZiBzbywgd2hvIGlzIGdvaW5nIHRvIGRvIHRoYXQKPiA+IHdvcms/Cj4gPiAKPiAKPiBJ
IHRoaXMgaXQncyBnb2luZyB0byBiZSBhIGJpdCBpbnRydXNpdmUgYXQgdGhpcyBwb2ludCB0byBj
aGFuZ2UKPiB4ZW5jb25zb2xlZCB0byBkbyB0aGF0LiBIb3dldmVyIGl0IHNob3VsZCBiZSB0b28g
aGFyZCB0byB0ZXN0Lgo+IFdlIGFsc28gbmVlZCBwZW9wbGUgdG8gdGVzdCBhbmQgcmV2aWV3IGl0
LiBBbGwgaW4gYWxsIGl0IHNlZW1zIHRpbWUgaXMKPiB2ZXJ5IHRpZ2h0Lgo+IAoKSSBqdXN0IHJl
YWQgdGhlIGNvZGUgb2YgdmlydGxvZ2QgYW5kIHhlbmNvbnNvbGVkLgoKSSB0aGluayB4ZW5jb25z
b2xlZCBpcyBtaXNzaW5nIGF0IGxlYXN0IHRoaW5ncy4KCkZyb20gYSBoaWdoZXIgbGV2ZWw6Cgox
LiBBYnN0cmFjdGlvbiBvZiByb3RhdGluZyBmaWxlLgoyLiBBYnN0cmFjdGlvbiBvZiBjbGllbnQu
CjMuIElQQyBpbnRlcmZhY2UgdG8gbGlieGwgLS0gcHJlc3VtYWJseSB3ZSBuZWVkIHRvIGNyZWF0
ZSBhIHNvY2tldC4KClRoZW4gd2UgbmVlZCB0byB3cml0ZSBjb2RlIGluIGxpYnhsIHRvIHVzZSBp
dC4gVGhhdCB0aGVuIGludm9sdmVzCmludmVudGluZyBhIHByb3RvY29sIHRvIHBhc3MgdGhlIGZp
bGUgbmFtZSB0byB4ZW5jb25zb2xlZCAoYXNzdW1pbmcgd2UKc3RpbGwgd2FudCBvbmUgZmlsZSBw
ZXIgcWVtdSkuCgpXZWkuCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fXwpYZW4tZGV2ZWwgbWFpbGluZyBsaXN0Clhlbi1kZXZlbEBsaXN0cy54ZW4ub3JnCmh0
dHA6Ly9saXN0cy54ZW4ub3JnL3hlbi1kZXZlbAo=