Package: xen-3 Severity: grave Tags: security Justification: user security hole
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2008-2004[0]: | The drive_init function in QEMU 0.9.1 determines the format of a raw | disk image based on the header, which allows local guest users to read | arbitrary files on the host by modifying the header to identify a | different format, which is used when the guest is restarted. The patch for qemu can be found here[1]. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2004 http://security-tracker.debian.net/tracker/CVE-2008-2004 [1] http://svn.savannah.gnu.org/viewvc/trunk/vl.c?root=qemu&r1=4277&r2=4276&pathrev=4277 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
