Hi,

November 2016 was my third month as a payed Debian LTS contributor.

I was allocated 11 hours. I spent all of them in CVE triage for Xen.

Longer explanation:
 It has been reported by Guido G√ľnter that Xen before v4.4.0-1 embeds
 a copy of QEMU 0.10.2. Xen has version 4.1.4 in wheezy, so it is
 potentially vulnerable to all security issues affecting QEMU in the
 last years.

 I have written a script to determine which security issues had to be
 triaged (roughly 160 security issues involved) and triaged 120 of
 them. 45 issues turned out to be affecting Xen in wheezy.

Cheers,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E

Attachment: signature.asc
Description: PGP signature

Reply via email to