Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"):> Since the queue was already quite big and this update was ready > I went ahead and released what we had for now.Yes, sorry, I should have been explicit that that's what I expected you to do... Ian.
Moritz Muehlenhoff
2017-Sep-13 13:25 UTC
[Pkg-xen-devel] Updated Xen packages for XSA 216..225
On Wed, Sep 13, 2017 at 01:30:47PM +0100, Ian Jackson wrote:> Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > > Since the queue was already quite big and this update was ready > > I went ahead and released what we had for now. > > Yes, sorry, I should have been explicit that that's what I expected > you to do...BTW, did Xen upstream ever request CVE IDs for XSA-206 and XSA-207? Otherwise I'd do that via cveform.mitre.org. Cheers, Moritz
Moritz Muehlenhoff writes ("Re: Updated Xen packages for XSA 216..225"):> On Wed, Sep 13, 2017 at 01:30:47PM +0100, Ian Jackson wrote: > > Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > > > Since the queue was already quite big and this update was ready > > > I went ahead and released what we had for now. > > > > Yes, sorry, I should have been explicit that that's what I expected > > you to do... > > BTW, did Xen upstream ever request CVE IDs for XSA-206 and XSA-207? > Otherwise I'd do that via cveform.mitre.org.fx: switches hats to Xen Project Security Team We did but only by email and MITRE ignore us. Please go ahead and use the CVE form, and notify security at xenproject.org of the response. We'll send out updated advisories. Thanks, Ian.