[CentOS-virt] Xen Security patching

Sat Nov 23 12:33:05 UTC 2013
Johnny Hughes <johnny at centos.org>

On 11/23/2013 06:24 AM, Johnny Hughes wrote:
> On 11/22/2013 01:12 PM, Chris Elliott wrote:
>> Hi Guys
>> When is the next update of Hypervisor packages going to be released?
>> There appears to be no changes to the main hypervisor RPMs since
>> September (Even in the BETA / RC1 tree) and there are 5+ Xen Security
>> Advisories with patches which need to be added.
>> “Security issues are handled and released in sync with public
>> disclosure upstream with zero lag”
>> I can rebuild my own, but that’s not really the point. In other news
>> I’ve been doing some testing of the 3.10 kernel and so far so good!
> That is not true ...
> I updated testing RPMS into the rc1 tree and announced it here:
> http://lists.centos.org/pipermail/centos-virt/2013-November/003485.html
> If I can get at least one or 2 people to tell me this works, I'll push it.
> Thanks,
> Johnny Hughes

By not true, I mean that all XSAs that are applicable up to xsa-72 are
in the xen-4.2.3-24 RPMS in the RC1 repo right now. I have gotten 0
feedback since I released them. (xsa-62 through xsa-72)

xsa-73, xsa-75, xsa-78 can be released now, but they are very new.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20131123/c13b6057/attachment-0004.sig>