Mailinglist Archive: opensuse-security (13 mails)

< Previous Next >
Re: [opensuse-security] Xen Critical vulnerability CVE-2015-7835 unpatched in Opensuse/Xen packages
On 10/30/2015 02:59 AM, jsegitz@xxxxxxx wrote:
On Thu, Oct 29, 2015 at 05:30:08PM -0700, PGNet Dev wrote:
Where's this security patch in the package tree?

The issues were under embargo until yesterday. Up until now we didn't
receive openSUSE submission. I asked the maintainer to provide submits.

Johannes


According to

http://www.xenproject.org/security-policy.html

In addition to

CentOS, Debian, Gentoo, Mageia, Ubuntu ...

both

Novell, Suse

are on the Xen pre-disclosure list.

It's not clear to me why Opensuse is not. Obviously Suse 'knew'.

Can that be fixed so that unnecessary periods of security exposure on production machines, specifically in the case of well communicated pre-disclosure, can be avoided in the future?

Simply, Opensuse should be on that list and similarly responsive.
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups
References