
Re: [Xen-devel] Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS (Xen.org security team)



At 09:30 -0700 on 09 Aug (1344504612), Andres Lagar-Cavilla wrote:
> I realize Gridcentric is neither a service provider, nor a "big vendor",
> and therefore not on the pre-disclosure list.
> 
> However, this is a bug on which we have first-hand knowledge and ability
> to immediately mitigate. In fact, I wrote equivalent code for 4.2/unstable
> months ago.

For which, thank you -- your patch, and the description of it at the
time, made drafting this response much easier!

> I ignored the xen-devel discussion on pre-disclosure list (my bad), but
> understand now that there may be some use to Gridcentric being in that
> list.

If you mean helping draft a fix, being on the pre-disclosure list
wouldn't have made a difference (unless you see a problem with the
published fix), as that was all done before pre-disclosure.

As to whether GridCentric ought to be on the pre-disclosure list as a
downstream vendor, now is definitely the time to speak up in the
discussion of what the new policy should be.

Cheers,

Tim.
