[Pkg-xen-devel] Bug#784011: Bug#784011: xen: CVE-2015-3340: Information leak through XEN_DOMCTL_gettscinfo (XSA-132)

Salvatore Bonaccorso carnil at debian.org
Sat May 2 13:18:23 UTC 2015


Hi Bastian,

On Sat, May 02, 2015 at 02:03:10PM +0200, Bastian Blank wrote:
> On Sat, May 02, 2015 at 07:04:34AM +0200, Salvatore Bonaccorso wrote:
> > the following vulnerability was published for xen.
> 
> I consider this issue as unimportant.  Not sure how I can mark it this
> way in the security tracker.

Basically the severities behind the status in brackets. But note that
in this case it was already marked low, with the meaning of severities
in
http://security-team.debian.org/security_tracker.html#severity-levels


Basically then adding (unimportant) in the line for the package, in
this case

	- xen <unfixed> (unimportant; bug #784011).

I have changed that now, refering to your comment in this bug.

Regards,
Salvatore



More information about the Pkg-xen-devel mailing list