Re: [Xen-devel] Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS (Xen.org security team)


  • To: "George Dunlap" <George.Dunlap@xxxxxxxxxxxxx>
  • From: "Andres Lagar-Cavilla" <andres@xxxxxxxxxxxxxxxx>
  • Date: Thu, 9 Aug 2012 09:44:41 -0700
  • Cc: ian.jackson@xxxxxxxxxx, security@xxxxxxx, tim@xxxxxxx, ian.campbell@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxx
  • Delivery-date: Thu, 09 Aug 2012 16:45:12 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

> On Thu, Aug 9, 2012 at 5:30 PM, Andres Lagar-Cavilla
> <andres@xxxxxxxxxxxxxxxx> wrote:
>> I realize Gridcentric is neither a service provider, nor a "big vendor",
>> and therefore not on the pre-disclosure list.
>>
>> However, this is a bug on which we have first-hand knowledge and ability
>> to immediately mitigate. In fact, I wrote equivalent code for
>> 4.2/unstable
>> months ago.
>
> I don't quite understand -- are you saying you could have helped craft
> a fix?  Or are you saying that you would like to be on the list for
> your customers' sake?

The former primarily. But ultimately both.

>
>> I ignored the xen-devel discussion on pre-disclosure list (my bad), but
>> understand now that there may be some use to Gridcentric being in that
>> list.
>
> The discussion has not concluded yet; you can even still express your
> voice in the "poll" here:
>
> http://xen.org/polls/xen_dev_2012_security_process.html
>
> It would probably be good to take a look at the discussion before
> answering; at least my recent posts describing the various options and
> the criteria to judge them by. :-)

Yes, that will take some serious grokking cycles. Thanks for the link.

Andres

>
> Peace,
>  -George
>



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel