Home page logo

oss-sec logo oss-sec mailing list archives

Re: Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang
From: Matthew Daley <mattd () bugfuzz com>
Date: Tue, 3 Dec 2013 11:43:19 +1300

On Tue, Dec 3, 2013 at 7:16 AM, Kurt Seifried <kseifried () redhat com> wrote:
On 12/02/2013 10:22 AM, Ian Jackson wrote:
* Should the Xen Project security te4am have treated this issue
with an embargo at all, given that the flaw itself was public ?

I would say this depends on the level of public disclosure. For
example from "upstream" (AMD) there was a very limited disclosure (no
public announcement I'm aware of) and just some notes in a single PDF.
However this was also made public via the person who found it and then
picked up by ZDnet in an article, so I would personally count that as
quite public.

Can you post a link to this ZDnet article? I don't think it can be the
one linked in the CVE description itself, because that talks about a
different, earlier bug IIUC; I privately asked Matt Dillon, who
discovered Errata 721, and he agreed that this CVE talks about a
different (but maybe related) Errata, #793.

- Matthew

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]