* Xen 3.4.4 security fixes
@ 2012-02-27 12:00 Jonathan Tripathy
2012-02-27 12:08 ` Ian Campbell
0 siblings, 1 reply; 3+ messages in thread
From: Jonathan Tripathy @ 2012-02-27 12:00 UTC (permalink / raw)
To: xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 935 bytes --]
Hi Everyone,
I note that Xen 3.4.4 has been released
http://blog.xen.org/index.php/2012/01/27/xen-3-4-4-update-release/
There is something that I am confused about though. In the release
announcement, it mentions one of the features of the update being:
" Security enhancements includingCVE-2011-1583
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1583>"
However, the aforementioned CVE seems to only apply to other versions of
Xen (3.4.x is missing in the list of venerable software)
While I'm obviously happy that the latest release is free of this bug,
can someone please shed some light on how this bug was fixed in 3.4.4,
when it wasn't supposed to be present in the first place in 3.4.3?
Also, what other security-related bugs have been fixed? It there a list
somewhere?
I think it's great that there are members out there willing to maintain
the 3.4.x branch. It's very stable. Good job folks!
Cheers
[-- Attachment #1.2: Type: text/html, Size: 2284 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Xen 3.4.4 security fixes
2012-02-27 12:00 Xen 3.4.4 security fixes Jonathan Tripathy
@ 2012-02-27 12:08 ` Ian Campbell
2012-02-27 12:26 ` Jonathan Tripathy
0 siblings, 1 reply; 3+ messages in thread
From: Ian Campbell @ 2012-02-27 12:08 UTC (permalink / raw)
To: Jonathan Tripathy; +Cc: xen-devel
On Mon, 2012-02-27 at 12:00 +0000, Jonathan Tripathy wrote:
> " Security enhancements including CVE-2011-1583"
>
> However, the aforementioned CVE seems to only apply to other versions
> of Xen (3.4.x is missing in the list of venerable software)
>
> While I'm obviously happy that the latest release is free of this bug,
> can someone please shed some light on how this bug was fixed in 3.4.4,
> when it wasn't supposed to be present in the first place in 3.4.3?
Given that 3.3 and 4.0 were vulnerable I think this is simply a case of
3.4 being accidentally omitted from the list.
Ian.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Xen 3.4.4 security fixes
2012-02-27 12:08 ` Ian Campbell
@ 2012-02-27 12:26 ` Jonathan Tripathy
0 siblings, 0 replies; 3+ messages in thread
From: Jonathan Tripathy @ 2012-02-27 12:26 UTC (permalink / raw)
To: Ian Campbell; +Cc: xen-devel
On 27/02/2012 12:08, Ian Campbell wrote:
> On Mon, 2012-02-27 at 12:00 +0000, Jonathan Tripathy wrote:
>> " Security enhancements including CVE-2011-1583"
>>
>> However, the aforementioned CVE seems to only apply to other versions
>> of Xen (3.4.x is missing in the list of venerable software)
>>
>> While I'm obviously happy that the latest release is free of this bug,
>> can someone please shed some light on how this bug was fixed in 3.4.4,
>> when it wasn't supposed to be present in the first place in 3.4.3?
> Given that 3.3 and 4.0 were vulnerable I think this is simply a case of
> 3.4 being accidentally omitted from the list.
>
> Ian.
>
>
Thanks for the reply, Ian.
Any ideas on what other security issues were fixed?
Thanks
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-02-27 12:26 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-02-27 12:00 Xen 3.4.4 security fixes Jonathan Tripathy
2012-02-27 12:08 ` Ian Campbell
2012-02-27 12:26 ` Jonathan Tripathy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.