Pkg xen devel - Jul 2012 - Bug#683279: CVE-2012-3432

Package: xen
Severity: grave
Tags: security

Please see
http://www.openwall.com/lists/oss-security/2012/07/26/4 

Cheers,
        Moritz

Control: severity -1 important

On Mon, Jul 30, 2012 at 03:24:55PM +0200, Moritz Muehlenhoff
wrote:
> Please see
> http://www.openwall.com/lists/oss-security/2012/07/26/4 
This can only be used to crash a client from within.

Bastian

-- 
He's dead, Jim.
		-- McCoy, "The Devil in the Dark", stardate 3196.1

Processing control commands:
> severity -1 important
Bug #683279 [xen] CVE-2012-3432
Severity set to 'important' from 'grave'

-- 
683279: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683279
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems

On Mon, Jul 30, 2012 at 04:09:21PM +0200, Bastian Blank
wrote:
> Control: severity -1 important
> 
> On Mon, Jul 30, 2012 at 03:24:55PM +0200, Moritz Muehlenhoff wrote:
> > Please see
> > http://www.openwall.com/lists/oss-security/2012/07/26/4 
> 
> This can only be used to crash a client from within.
Additional issue:
http://www.openwall.com/lists/oss-security/2012/08/09/3

Cheers,
        Moritz

Your message dated Tue, 14 Aug 2012 21:17:33 +0000
with message-id <E1T1OUX-0005Tb-Ll at franck.debian.org>
and subject line Bug#683279: fixed in xen 4.0.1-5.3
has caused the Debian Bug report #683279,
regarding CVE-2012-3432
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
683279: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683279
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Moritz Muehlenhoff <muehlenhoff at univention.de>
Subject: CVE-2012-3432
Date: Mon, 30 Jul 2012 15:24:55 +0200
Size: 2445
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20120814/b2395bb8/attachment.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Guido Trotter <ultrotter at debian.org>
Subject: Bug#683279: fixed in xen 4.0.1-5.3
Date: Tue, 14 Aug 2012 21:17:33 +0000
Size: 5863
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20120814/b2395bb8/attachment-0001.mht>

Your message dated Fri, 17 Aug 2012 22:39:47 +0000
with message-id <E1T2VCl-0002ja-LF at franck.debian.org>
and subject line Bug#683279: fixed in xen 4.1.3-1
has caused the Debian Bug report #683279,
regarding CVE-2012-3432
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
683279: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683279
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Moritz Muehlenhoff <muehlenhoff at univention.de>
Subject: CVE-2012-3432
Date: Mon, 30 Jul 2012 15:24:55 +0200
Size: 2445
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20120817/ce53b7bb/attachment-0002.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Bastian Blank <waldi at debian.org>
Subject: Bug#683279: fixed in xen 4.1.3-1
Date: Fri, 17 Aug 2012 22:39:47 +0000
Size: 8720
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20120817/ce53b7bb/attachment-0003.mht>