
Re: [Xen-devel] [oss-security] Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs



All,

This advisory required two different CVE IDs - not one - because the stack-based buffer overflow was fixed in a different version than the other issues. CVE assigns different IDs when bugs are not present in the same exact set of versions.

CVE-2012-5511 - use this, but only for the stack-based buffer overflow that was fixed in 4.2.

CVE-2012-6333 - new ID for the other "large input" validation issues that lead to the physical CPU hang, which were NOT fixed in 4.2.

- Steve

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

