reopen 688125 retitle 688125 CVE-2012-2625 / CVE-2012-4544 thanks On Sun, Oct 07, 2012 at 06:07:31PM +0200, Bastian Blank wrote: > On Fri, Sep 21, 2012 at 02:23:13PM +0200, Bastian Blank wrote: > > The referenced bug marked with CVE-2012-2625 speaks about the pv loader > > for bzip2 and lzma kernels. This loader is implemented in libxenctrl and > > the hypervisor for dom0. I see no mitigation in this code against large > > decompressed files. Plus there is an integer overflow. > > > > 60f09d1ab1fe fixes reading too large files from guest filesystems using > > pygrub. > > I received no further information. Please reopen _after_ you figured > out, which one this is and this information got published in the CVE > list.
Please see http://lists.xen.org/archives/html/xen-devel/2012-10/msg02015.html for clarification Cheers, Moritz -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

