
Mailing List Archive: Xen: Devel

Re: Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS (Xen.org security team)

 

 



George.Dunlap at eu

Aug 9, 2012, 9:40 AM

Post #1 of 2 (127 views)
Re: Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS (Xen.org security team)

On Thu, Aug 9, 2012 at 5:30 PM, Andres Lagar-Cavilla
<andres [at] lagarcavilla> wrote:
> I realize Gridcentric is neither a service provider, nor a "big vendor",
> and therefore not on the pre-disclosure list.
>
> However, this is a bug on which we have first-hand knowledge and ability
> to immediately mitigate. In fact, I wrote equivalent code for 4.2/unstable
> months ago.

I don't quite understand -- are you saying you could have helped craft
a fix? Or are you saying that you would like to be on the list for
your customers' sake?

> I ignored the xen-devel discussion on pre-disclosure list (my bad), but
> understand now that there may be some use to Gridcentric being in that
> list.

The discussion has not concluded yet; you can even still express your
voice in the "poll" here:

http://xen.org/polls/xen_dev_2012_security_process.html

It would probably be good to take a look at the discussion before
answering; at least my recent posts describing the various options and
the criteria to judge them by. :-)

Peace,
-George

_______________________________________________
Xen-devel mailing list
Xen-devel [at] lists
http://lists.xen.org/xen-devel


andres at lagarcavilla

Aug 9, 2012, 9:44 AM

Post #2 of 2 (122 views)
Re: Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS (Xen.org security team)

> On Thu, Aug 9, 2012 at 5:30 PM, Andres Lagar-Cavilla
> <andres [at] lagarcavilla> wrote:
>> I realize Gridcentric is neither a service provider, nor a "big vendor",
>> and therefore not on the pre-disclosure list.
>>
>> However, this is a bug on which we have first-hand knowledge and ability
>> to immediately mitigate. In fact, I wrote equivalent code for 4.2/unstable
>> months ago.
>
> I don't quite understand -- are you saying you could have helped craft
> a fix? Or are you saying that you would like to be on the list for
> your customers' sake?

The former primarily. But ultimately both.

>
>> I ignored the xen-devel discussion on pre-disclosure list (my bad), but
>> understand now that there may be some use to Gridcentric being in that
>> list.
>
> The discussion has not concluded yet; you can even still express your
> voice in the "poll" here:
>
> http://xen.org/polls/xen_dev_2012_security_process.html
>
> It would probably be good to take a look at the discussion before
> answering; at least my recent posts describing the various options and
> the criteria to judge them by. :-)

Yes, that will take some serious grokking cycles. Thanks for the link.

Andres

>
> Peace,
> -George
>


