From: Matthew Daley <mattd@bugfuzz.com>
To: oss-security@lists.openwall.com
Cc: "Xen.org security team" <security@xen.org>,
Xen-devel <xen-devel@lists.xen.org>
Subject: Re: [oss-security] Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang
Date: Tue, 3 Dec 2013 11:43:19 +1300 [thread overview]
Message-ID: <CAD3CanfhSatMstdbeZzFr=uAPDGxdmVE9dOHteyYA5EmcVDuVg@mail.gmail.com> (raw)
In-Reply-To: <529CCE8C.6010005@redhat.com>
On Tue, Dec 3, 2013 at 7:16 AM, Kurt Seifried <kseifried@redhat.com> wrote:
> On 12/02/2013 10:22 AM, Ian Jackson wrote:
>> * Should the Xen Project security te4am have treated this issue
>> with an embargo at all, given that the flaw itself was public ?
>
> I would say this depends on the level of public disclosure. For
> example from "upstream" (AMD) there was a very limited disclosure (no
> public announcement I'm aware of) and just some notes in a single PDF.
> However this was also made public via the person who found it and then
> picked up by ZDnet in an article, so I would personally count that as
> quite public.
Can you post a link to this ZDnet article? I don't think it can be the
one linked in the CVE description itself, because that talks about a
different, earlier bug IIUC; I privately asked Matt Dillon, who
discovered Errata 721, and he agreed that this CVE talks about a
different (but maybe related) Errata, #793.
- Matthew
next prev parent reply other threads:[~2013-12-02 22:43 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <E1VnX4T-0000AR-1P@xenbits.xen.org>
2013-12-02 17:22 ` Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang Ian Jackson
2013-12-02 18:16 ` [oss-security] " Kurt Seifried
[not found] ` <529CCE8C.6010005@redhat.com>
2013-12-02 22:43 ` Matthew Daley [this message]
2013-12-04 22:43 ` Andrew Cooper
2013-12-02 23:35 ` cve-assign
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAD3CanfhSatMstdbeZzFr=uAPDGxdmVE9dOHteyYA5EmcVDuVg@mail.gmail.com' \
--to=mattd@bugfuzz.com \
--cc=oss-security@lists.openwall.com \
--cc=security@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).