* CVE-2011-1166
@ 2012-02-28 17:44 Jonathan Tripathy
2012-02-29 14:49 ` CVE-2011-1166 Ian Jackson
0 siblings, 1 reply; 2+ messages in thread
From: Jonathan Tripathy @ 2012-02-28 17:44 UTC (permalink / raw)
To: xen-devel@lists.xen.org
Hi Everyone,
I'm currently looking at CVE-2011-1166:
http://securitytracker.com/id/1025226
Am I correct in saying that this issue is fixed in the latest stable 4.x
branch, but not in the 3.4.4 release? I see the fix here:
http://xenbits.xen.org/hg/staging/xen-unstable.hg/rev/c79aae866ad8
however I do not see the same fix applied in 3.4.4:
http://xenbits.xen.org/hg/xen-3.4-testing.hg/file/ac68ad6fe4b7/xen/arch/x86/domain.c#l716
Shouldn't this be fixed?
Thanks
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: CVE-2011-1166
2012-02-28 17:44 CVE-2011-1166 Jonathan Tripathy
@ 2012-02-29 14:49 ` Ian Jackson
0 siblings, 0 replies; 2+ messages in thread
From: Ian Jackson @ 2012-02-29 14:49 UTC (permalink / raw)
To: Keith Coleman; +Cc: Jonathan Tripathy, xen-devel@lists.xen.org
Jonathan Tripathy writes ("[Xen-devel] CVE-2011-1166"):
> I'm currently looking at CVE-2011-1166:
>
> http://securitytracker.com/id/1025226
>
> Am I correct in saying that this issue is fixed in the latest stable 4.x
> branch, but not in the 3.4.4 release? I see the fix here:
>
> http://xenbits.xen.org/hg/staging/xen-unstable.hg/rev/c79aae866ad8
>
> however I do not see the same fix applied in 3.4.4:
>
> http://xenbits.xen.org/hg/xen-3.4-testing.hg/file/ac68ad6fe4b7/xen/arch/x86/domain.c#l716
>
> Shouldn't this be fixed?
Probably. I haven't checked whether 3.4 is vulnerable. This is a
question for the 3.4 stable tree maintainer, Keith Coleman. Keith ?
Thanks,
Ian.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-02-29 14:49 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-02-28 17:44 CVE-2011-1166 Jonathan Tripathy
2012-02-29 14:49 ` CVE-2011-1166 Ian Jackson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).