oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang

From: Matthew Daley <mattd () bugfuzz com>
Date: Tue, 3 Dec 2013 11:43:19 +1300
On Tue, Dec 3, 2013 at 7:16 AM, Kurt Seifried <kseifried () redhat com> wrote:

On 12/02/2013 10:22 AM, Ian Jackson wrote:

* Should the Xen Project security te4am have treated this issue
with an embargo at all, given that the flaw itself was public ?


I would say this depends on the level of public disclosure. For
example from "upstream" (AMD) there was a very limited disclosure (no
public announcement I'm aware of) and just some notes in a single PDF.
However this was also made public via the person who found it and then
picked up by ZDnet in an article, so I would personally count that as
quite public.


Can you post a link to this ZDnet article? I don't think it can be the
one linked in the CVE description itself, because that talks about a
different, earlier bug IIUC; I privately asked Matt Dillon, who
discovered Errata 721, and he agreed that this CVE talks about a
different (but maybe related) Errata, #793.

- Matthew
Previous By Date Next
Previous By Thread Next

Current thread: