Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Tue, 24 Jun 2008 10:14:47 +0200
From: Robert Buchholz <rbu@...too.org>
To: vendor-sec@....de
Cc: "Steven M. Christey" <coley@...us.mitre.org>,
 oss-security@...ts.openwall.com
Subject: Re: [vendor-sec] Re: New Xen ioemu: PVFB backend issue

On Monday 23 June 2008, Steven M. Christey wrote:
> On Thu, 19 Jun 2008, Nico Golde wrote:
> > Can you take care about the remaining steps to get this on
> > the mitre site or Steve could you update this? Quite some
> > time passed since this was assigned :)
>
> There was enough in the initial post, I just missed it the first time
> around.
>
> Any idea on affected Xen versions?

It is not part of the latest release 3.2.1, as it was only introduced 
two days prior (May 13) here:
http://xenbits.xensource.com/xen-unstable.hg?rev/53195719f762

As mentioned, fixed here:
http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb

As for the first commit, it does not fall under CVE-2008-1952 -- so I 
assume we need a new CVE, marking CVE-2008-1952 as an improper fix for 
it.


> ======================================================
> Name: CVE-2008-1952
...
> amoount of guest memory.

a-moo-unt ? ;-)


Robert

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ