[Bug 1064061] Virtualization/xen: Bug tracking multiple Xen CVEs

http://bugzilla.suse.com/show_bug.cgi?id=1064061 http://bugzilla.suse.com/show_bug.cgi?id=1064061#c3 Charles Arnold <carnold@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(carnold@suse.com) | --- Comment #3 from Charles Arnold <carnold@suse.com> --- (In reply to pgnd _ from comment #2)
Great. Just to understand the 'link' ...
Link in this case is an expression saying that when I push fixes into sles12sp3 they will automatically get pushed to os42.3. This is because the official channel for both contains Xen 4.9 and that version will not change through the life of both products (we do change the dot version, 4.9.0 -> 4.9.1).
For example, for one CVE @ SuSE
https://www.suse.com/security/cve/CVE-2017-15594
it references the fix in
openSUSE Leap 42.3 xen >= 4.9.0_14-10.1
That openSUSE fix *is* targeted at
http://download.opensuse.org/repositories/Virtualization/openSUSE_Leap_42.3
? (which happens, atm, to have xen-4.10.0_01-537.1.x86_64.rpm)
Not some other openSUSE repo, correct?
The Virtualization/xen repo contains the most recent Xen version being worked on for the next SLES/openSUSE release - in this case xen 4.10. The repo has build targets for the older versions of openSUSE (eg, 42.2 and 42.3) for those interested in running it there but it is not the supported version of Xen for those older distros. Only the version that initially shipped with the distro will be officially supported with updates from the update channel. So for openSUSE 42.2, only Xen 4.7.x is supported with updates and for 42.3, only Xen 4.9.x. Xen 4.10 might run fine on 42.3 but it isn't specifically being tested there so your mileage may vary. Upstream Xen 4.10 is still in the 'rc' phase of development so expect some churn. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com