[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 19 Dec 2008 10:59:40 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...re.org>
Cc: oss-security@...ts.openwall.com
Subject: CVE Request -- Xen (Upstream patch for CVE-2008-4405 is incomplete)
Hello Steve,
originally CVE id of CVE-2008-4405 has been assigned to
the following Xen backend issue:
Original references:
http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html
http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html
(place where was pointed out, this is a security problem -^).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4405
Original patch:
http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70
The problem:
Daniel P.Berrange has discovered, this original patch is incomplete
to fix this issue. More details here:
http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html
Credit goes to: Daniel P.Berrange
Steve, could you please allocate a new CVE id for this revised
fix?
Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
