Date: Thu, 13 Dec 2012 17:03:23 -0500 (EST) From: "Steven M. Christey" <coley@...-smtp.mitre.org> To: oss-security@...ts.openwall.com cc: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org, xen-users@...ts.xen.org, "Xen.org security team" <security@....org> Subject: Re: Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs All, This advisory required two different CVE IDs - not one - because the stack-based buffer overflow was fixed in a different version than the other issues. CVE assigns different IDs when bugs are not present in the same exact set of versions. CVE-2012-5511 - use this, but only for the stack-based buffer overflow that was fixed in 4.2. CVE-2012-6333 - new ID for the other "large input" validation issues that lead to the physical CPU hang, which were NOT fixed in 4.2. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.