[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] old (but unfixed in our clones) qemu security issues?
From: |
Stefano Stabellini |
Subject: |
Re: [Qemu-devel] old (but unfixed in our clones) qemu security issues? |
Date: |
Mon, 2 Mar 2015 14:18:23 +0000 |
User-agent: |
Alpine 2.02 (DEB 1266 2009-07-14) |
On Mon, 2 Mar 2015, Jan Beulich wrote:
> >>> On 02.03.15 at 15:05, <address@hidden> wrote:
> > I guess I could monitor cve.mitre.org or the QEMU stable tree for
> > commits with "CVE" in the commit message, but there isn't much else I
> > can do.
>
> Yes, I think the latter is (for the time being) the most promising route.
> Question is how much work it is going to be to find out about past
> ones.
I could look at the matching QEMU stable tree for each of our past
qemu-xen-upstream releases.
Unfortunately it is going to be an error prone process as QEMU stable
trees have shorter maintenance cycles compared to Xen Project. I am
unlikely to find recent CVEs backported to 1.6.x, that is the base for
qemu-xen in Xen 4.4.