[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang

To: Ian.Jackson@xxxxxxxxxxxxx
From: cve-assign@xxxxxxxxx
Date: Mon, 2 Dec 2013 18:35:24 -0500 (EST)
Cc: oss-security@xxxxxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, security@xxxxxxx, cve-assign@xxxxxxxxx
Delivery-date: Tue, 03 Dec 2013 16:07:48 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> This was sent by MITRE as part of the CVE assignment. It seems likely
> to us (the Xen Project security team) that the CVE assignment was a
> consequence of our embargoed predisclosure to xen-security-issues.

MITRE typically does not know about multi-party embargo arrangements
affecting Linux vendors and various other vendors, and did not know
about any multi-party embargo arrangement in this case. If anyone who
is regularly involved in vulnerability remediation affecting the
open-source community asks MITRE to send an announcement of a CVE
assignment to oss-security, we send that announcement without any
investigation of disclosure restrictions. Although it is unfortunate
if such an announcement had an adverse effect on a planned disclosure
timeline, we feel that this is an isolated case and does not mean that
we need to reevaluate our approach. Also, once an issue is mentioned
on oss-security by anyone, we consider the issue fully public and we
sometimes proceed to publish a CVE immediately.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSnRcQAAoJEKllVAevmvmshl8H/0d/jkBYZP11YbWOzTXQrKGj
exCXvUaC6BOukr1+u1eh7GR1W98NY5S7DT3oHDu0DzAfJ2iR4AAM0513V9mCUo/f
LBBGsw+pyzPKeI5UQdXJ8GQ0Ut/WlbMB4qj0+ZuwKjCKFCdir2Xx7H0H3Ptb3qik
38JgvO+bpMxDWnrF+Nh6SkuocB9jXuDCbCGO5Q4jaj1CcExmaRV9H8A0O4VbvtTj
VQa+eY48H7WpBqKUrKylo/zZT5pBs/3tH0FSymiGLP9aFCDAl5xazf9LWq3iow/D
AND3rDNlEzmDJ8zSHzx0wrvHTW8xMpj3KAk3z4D8G8XTmw7reltAVo1eGPmL6S0=
=ouMl
-----END PGP SIGNATURE-----

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- Re: [Xen-devel] Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang
  - From: Ian Jackson

Prev by Date: Re: [Xen-devel] [PATCH v2 3/4] makedumpfile/xen: Fail immediately on every architecture if dump level is invalid
Next by Date: Re: [Xen-devel] [edk2] [PATCH v4 1/7] MdeModulePkg: introduce PcdPciDisableBusEnumeration
Previous by thread: Re: [Xen-devel] [oss-security] Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang
Next by thread: Re: [Xen-devel] [PATCH 5/5] xen/arm: Only enable physical IRQs when the guest asks
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.