re: Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow

[security curmudgeon <jericho () attrition org>]

: Please refer to the advisories and information from the Qemu project.

What advisories and information? Qemu page shows last release Aug 27 and 
the changelog does not appear to reference this issue. There are no 
obvious 'security advisory' links off their navigation menu.

Could you please include such links in YOUR advisories so we don't have to 
go chasing them down, since you have clearly seen them given the wording 
above?