Hi, On Wed, Oct 12, 2022 at 07:38:17PM +0200, Moritz Mühlenhoff wrote: > Source: xen > X-Debbugs-CC: t...@security.debian.org > Severity: important > Tags: security > > Hi, > > The following vulnerabilities were published for xen. > > CVE-2022-33749[0]: > | XAPI open file limit DoS It is possible for an unauthenticated client > | on the network to cause XAPI to hit its file-descriptor limit. This > | causes XAPI to be unable to accept new requests for other (trusted) > | clients, and blocks XAPI from carrying out any tasks that require the > | opening of file descriptors. > > https://xenbits.xen.org/xsa/advisory-413.html
FTR, I think this should not be tracked for src:xen (and upated the security-tracker already earlier), as it is for xapi (not found in src:xen but in the earlier removed src:xen-api). Regards, Salvatore
