Hi, There was new packages (4.4.3-3) released on Oct 29, but they don't address the CVE-2015-7835 problems. Does anyone have news about a rebuild with this fix applied? Or should we make our own build? /jens
On Wed, Nov 4, 2015 at 1:18 PM, Jens Larsson <jens at nsc.liu.se> wrote:> Hi, > > There was new packages (4.4.3-3) released on Oct 29, but they don't > address the CVE-2015-7835 problems. Does anyone have news about a > rebuild with this fix applied? Or should we make our own build?Actually they do includu CVE-2015-7835 (aka XSA-148) -- I just made a mistake when I made the changelog. Sorry about that. -George
>> There was new packages (4.4.3-3) released on Oct 29, but they don't >> address the CVE-2015-7835 problems. Does anyone have news about a >> rebuild with this fix applied? Or should we make our own build? > > Actually they do includu CVE-2015-7835 (aka XSA-148) -- I just made a > mistake when I made the changelog. Sorry about that. > > -GeorgeAh, I thought I was careful before posting and even checked the source RPM. But of course I did it wrong. The patch is there all right... Sorry for the noise. And thanks for all the good work on this project! /jens
Reasonably Related Threads
- CVE-2015-7835
- CVE-2015-7835
- Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
- Are XSA-289, XSA-274/CVE-2018-14678 fixed ?
- Bug#780227: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw