xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
* Recent CVE
@ 2012-06-14 10:27 Jonathan Tripathy
  2012-06-14 10:56 ` Roger Pau Monne
  0 siblings, 1 reply; 7+ messages in thread
From: Jonathan Tripathy @ 2012-06-14 10:27 UTC (permalink / raw)
  To: xen-devel@lists.xen.org

Hi Everyone,

According to this CVE:

http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html

The patch has been added to xen-3.4-testing.hg. However, when I look here:

http://xenbits.xen.org/hg/xen-3.4-testing.hg/

I don't see any recent commits.

Am I missing something? I feel it is very important that these patches 
make its way into this branch, and tagged as 3.4.5 ASAP :)

Thanks

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: Recent CVE
  2012-06-14 10:27 Recent CVE Jonathan Tripathy
@ 2012-06-14 10:56 ` Roger Pau Monne
  2012-06-14 11:09   ` Jonathan Tripathy
  2012-06-14 11:13   ` Ian Jackson
  0 siblings, 2 replies; 7+ messages in thread
From: Roger Pau Monne @ 2012-06-14 10:56 UTC (permalink / raw)
  To: Jonathan Tripathy; +Cc: Ian Jackson, xen-devel@lists.xen.org

Jonathan Tripathy wrote:
> Hi Everyone,
>
> According to this CVE:
>
> http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
>
> The patch has been added to xen-3.4-testing.hg. However, when I look here:
>
> http://xenbits.xen.org/hg/xen-3.4-testing.hg/

It's still in staging:

http://xenbits.xen.org/hg/staging/xen-3.4-testing.hg/

>
> I don't see any recent commits.
>
> Am I missing something? I feel it is very important that these patches
> make its way into this branch, and tagged as 3.4.5 ASAP :)

Not sure why they haven't made it to the repos. I'm Ccing Ian Jackson 
about this.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: Recent CVE
  2012-06-14 10:56 ` Roger Pau Monne
@ 2012-06-14 11:09   ` Jonathan Tripathy
  2012-06-14 11:13   ` Ian Jackson
  1 sibling, 0 replies; 7+ messages in thread
From: Jonathan Tripathy @ 2012-06-14 11:09 UTC (permalink / raw)
  To: xen-devel


On 14/06/2012 11:56, Roger Pau Monne wrote:
> Jonathan Tripathy wrote:
>> Hi Everyone,
>>
>> According to this CVE:
>>
>> http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
>>
>> The patch has been added to xen-3.4-testing.hg. However, when I look 
>> here:
>>
>> http://xenbits.xen.org/hg/xen-3.4-testing.hg/
>
> It's still in staging:
>
> http://xenbits.xen.org/hg/staging/xen-3.4-testing.hg/
>
>>
>> I don't see any recent commits.
>>
>> Am I missing something? I feel it is very important that these patches
>> make its way into this branch, and tagged as 3.4.5 ASAP :)
>
> Not sure why they haven't made it to the repos. I'm Ccing Ian Jackson 
> about this.
>
>
Let's also not forget the following CVEs which don't seem to be 
backported yet:

CVE-2011-2901
CVE-2011-1898
CVE-2012-0029
CVE-2011-1166

Thanks

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: Recent CVE
  2012-06-14 10:56 ` Roger Pau Monne
  2012-06-14 11:09   ` Jonathan Tripathy
@ 2012-06-14 11:13   ` Ian Jackson
  2012-06-14 11:44     ` Jan Beulich
  1 sibling, 1 reply; 7+ messages in thread
From: Ian Jackson @ 2012-06-14 11:13 UTC (permalink / raw)
  To: Roger Pau Monne, Keith Coleman; +Cc: Jonathan Tripathy, xen-devel@lists.xen.org

Roger Pau Monne writes ("Re: [Xen-devel] Recent CVE"):
> Jonathan Tripathy wrote:
> > Hi Everyone,
> >
> > According to this CVE:
> >
> > http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html
> >
> > The patch has been added to xen-3.4-testing.hg. However, when I look here:
> >
> > http://xenbits.xen.org/hg/xen-3.4-testing.hg/
> 
> It's still in staging:
> 
> http://xenbits.xen.org/hg/staging/xen-3.4-testing.hg/
...
> Not sure why they haven't made it to the repos. I'm Ccing Ian Jackson 
> about this.

The 3.4 tree doesn't have an automatic push from staging to main.
(The testing software we are using postdates 3.4.)

Looking at the repos, it seems that Keith has been using the main
tree, not staging.  But I pushed the security changes to staging.

Keith, can you say what should be done now ?  I think the best thing
would probably be to hg merge staging into main; there are only those
two security fix commits in staging.

And then we should probably delete the staging tree entirely.

Thanks,
Ian.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: Recent CVE
  2012-06-14 11:13   ` Ian Jackson
@ 2012-06-14 11:44     ` Jan Beulich
  2012-06-14 12:20       ` Keith Coleman
  0 siblings, 1 reply; 7+ messages in thread
From: Jan Beulich @ 2012-06-14 11:44 UTC (permalink / raw)
  To: Ian Jackson
  Cc: xen-devel@lists.xen.org, Keith Coleman, Jonathan Tripathy,
	Roger Pau Monne

>>> On 14.06.12 at 13:13, Ian Jackson <Ian.Jackson@eu.citrix.com> wrote:
> And then we should probably delete the staging tree entirely.

Along with all other 3.* staging ones perhaps...

Jan

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: Recent CVE
  2012-06-14 11:44     ` Jan Beulich
@ 2012-06-14 12:20       ` Keith Coleman
  2012-07-02 11:33         ` Ian Jackson
  0 siblings, 1 reply; 7+ messages in thread
From: Keith Coleman @ 2012-06-14 12:20 UTC (permalink / raw)
  To: Jan Beulich
  Cc: xen-devel@lists.xen.org, Ian Jackson, Jonathan Tripathy,
	Roger Pau Monne

On Thu, Jun 14, 2012 at 7:44 AM, Jan Beulich <JBeulich@suse.com> wrote:
>>>> On 14.06.12 at 13:13, Ian Jackson <Ian.Jackson@eu.citrix.com> wrote:
>> And then we should probably delete the staging tree entirely.
>
> Along with all other 3.* staging ones perhaps...
>

The changes have now been pushed to the main tree. I agree that we
should remove the 3.* staging trees.


--
Keith Coleman

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: Recent CVE
  2012-06-14 12:20       ` Keith Coleman
@ 2012-07-02 11:33         ` Ian Jackson
  0 siblings, 0 replies; 7+ messages in thread
From: Ian Jackson @ 2012-07-02 11:33 UTC (permalink / raw)
  To: Keith Coleman
  Cc: Roger Pau Monne, Jonathan Tripathy, Jan Beulich,
	xen-devel@lists.xen.org

Keith Coleman writes ("Re: [Xen-devel] Recent CVE"):
> On Thu, Jun 14, 2012 at 7:44 AM, Jan Beulich <JBeulich@suse.com> wrote:
> >>>> On 14.06.12 at 13:13, Ian Jackson <Ian.Jackson@eu.citrix.com> wrote:
> >> And then we should probably delete the staging tree entirely.
> >
> > Along with all other 3.* staging ones perhaps...
> 
> The changes have now been pushed to the main tree. I agree that we
> should remove the 3.* staging trees.

I have done this.  Well, moved them to ~xen/HG/staging/old in case we
need them for something.

Ian.

^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2012-07-02 11:33 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-06-14 10:27 Recent CVE Jonathan Tripathy
2012-06-14 10:56 ` Roger Pau Monne
2012-06-14 11:09   ` Jonathan Tripathy
2012-06-14 11:13   ` Ian Jackson
2012-06-14 11:44     ` Jan Beulich
2012-06-14 12:20       ` Keith Coleman
2012-07-02 11:33         ` Ian Jackson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).