Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-31 Thread Jan Beulich
>>> On 31.01.17 at 16:11, wrote: > OK, I've rewritten the section thus: > > --- > > 4. The security team will only issue an advisory if there is a known > combination of software in which the vulnerability can be exploited. > > In most cases, the software which contains the bug is also the targ

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-31 Thread George Dunlap
t;>>>>> On 24.01.17 at 12:33, wrote: >>>>>> Jan Beulich writes ("Re: [Xen-devel] RFC: Adding a section to the Xen >>>> security >>>>>> policy about what constitutes a vulnerability"): >>>>>>> "If a bu

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-25 Thread Jan Beulich
>>> On 24.01.17 at 17:33, wrote: >> On Jan 24, 2017, at 3:08 PM, Jan Beulich wrote: >>>>> On 24.01.17 at 16:01, wrote: >>>> On Jan 24, 2017, at 11:43 AM, Jan Beulich wrote: >>>>>>> On 24.01.17 at 12:33, wrote: >>>

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-24 Thread George Dunlap
> On Jan 24, 2017, at 3:08 PM, Jan Beulich wrote: > >>>> On 24.01.17 at 16:01, wrote: > >>> On Jan 24, 2017, at 11:43 AM, Jan Beulich wrote: >>> >>>>>> On 24.01.17 at 12:33, wrote: >>>> Jan Beulich writes ("Re: [X

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-24 Thread Jan Beulich
>>> On 24.01.17 at 16:01, wrote: >> On Jan 24, 2017, at 11:43 AM, Jan Beulich wrote: >> >>>>> On 24.01.17 at 12:33, wrote: >>> Jan Beulich writes ("Re: [Xen-devel] RFC: Adding a section to the Xen > security >>> policy about

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-24 Thread George Dunlap
> On Jan 24, 2017, at 11:43 AM, Jan Beulich wrote: > >>>> On 24.01.17 at 12:33, wrote: >> Jan Beulich writes ("Re: [Xen-devel] RFC: Adding a section to the Xen >> security >> policy about what constitutes a vulnerability"): >>>

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-24 Thread Jan Beulich
>>> On 24.01.17 at 12:33, wrote: > Jan Beulich writes ("Re: [Xen-devel] RFC: Adding a section to the Xen > security > policy about what constitutes a vulnerability"): >> "If a bug requires a vulnerable operating system to be exploitable, the >> Xe

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-24 Thread Ian Jackson
Jan Beulich writes ("Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability"): > "If a bug requires a vulnerable operating system to be exploitable, the > Xen Security Team will pro-actively investigate the vulnerability of

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-23 Thread Jan Beulich
>>> On 23.01.17 at 12:27, wrote: > On Wed, Jan 4, 2017 at 2:48 PM, George Dunlap > wrote: >> On Wed, Jan 4, 2017 at 1:16 PM, Jan Beulich wrote: >> On 04.01.17 at 13:36, wrote: 4. The security team will only issue an advisory if there is a known combination of software in which th

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-23 Thread George Dunlap
On Wed, Jan 4, 2017 at 2:48 PM, George Dunlap wrote: > On Wed, Jan 4, 2017 at 1:16 PM, Jan Beulich wrote: > On 04.01.17 at 13:36, wrote: >>> 4. The security team will only issue an advisory if there is a known >>> combination of software in which the vulnerability can be exploited. >>> >>> I

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-20 Thread Ian Jackson
George Dunlap writes ("[Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability"): > If a bug requires a vulnerable operating system to be exploitable, the > Xen Security Team will pro-actively investigate the vulnerability of > the fo

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-05 Thread Stefano Stabellini
On Wed, 4 Jan 2017, George Dunlap wrote: > The Xen Security Team has dealt with a number of issues recently where > it wasn't exactly clear whether we should issue an advisory or not: > the Xen Security Response Process only mentions "'vulnerabilities", > without specifying what constitutes a vuln

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-05 Thread Wei Liu
On Wed, Jan 04, 2017 at 12:43:02PM +, George Dunlap wrote: > On Wed, Jan 4, 2017 at 12:36 PM, George Dunlap > wrote: > > 4. The security team will only issue an advisory if there is a known > > combination of software in which the vulnerability can be exploited. > > > > In most cases, the sof

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-04 Thread George Dunlap
On Wed, Jan 4, 2017 at 1:16 PM, Jan Beulich wrote: On 04.01.17 at 13:36, wrote: >> 4. The security team will only issue an advisory if there is a known >> combination of software in which the vulnerability can be exploited. >> >> In most cases, the software which contains the bug is also the

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-04 Thread Jan Beulich
>>> On 04.01.17 at 13:36, wrote: > 4. The security team will only issue an advisory if there is a known > combination of software in which the vulnerability can be exploited. > > In most cases, the software which contains the bug is also the target > of the attack: that is, a bug in Xen allows an

Re: [Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-04 Thread George Dunlap
On Wed, Jan 4, 2017 at 12:36 PM, George Dunlap wrote: > 4. The security team will only issue an advisory if there is a known > combination of software in which the vulnerability can be exploited. > > In most cases, the software which contains the bug is also the target > of the attack: that is, a

[Xen-devel] RFC: Adding a section to the Xen security policy about what constitutes a vulnerability

2017-01-04 Thread George Dunlap
The Xen Security Team has dealt with a number of issues recently where it wasn't exactly clear whether we should issue an advisory or not: the Xen Security Response Process only mentions "'vulnerabilities", without specifying what constitutes a vulnerability. Issuing advisories has a cost: It cos