lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <f25bc125-a013-4c43-b67d-09512786ae90@redhat.com>
Date: Thu, 29 Feb 2024 21:53:43 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: Theodore Ts'o <tytso@....edu>
Cc: Greg KH <gregkh@...nel.org>, cve@...nel.org,
 linux-kernel@...r.kernel.org, KVM list <kvm@...r.kernel.org>,
 Vitaly Kuznetsov <vkuznets@...hat.com>
Subject: Re: CVE-2021-46978: KVM: nVMX: Always make an attempt to map eVMCS
 after migration

On 2/29/24 15:34, Theodore Ts'o wrote:
> On Thu, Feb 29, 2024 at 11:04:45AM +0100, Paolo Bonzini wrote:
>> Also, LKML does not get the initial announcement, which makes it a bit
>> more painful to find the full discussion on lore (you have to go
>> through a "no message with that id, maybe you mean this one from other
>> mailing lists" page, instead of having the whole thread in the same
>> place). A linux-cve mailing list with public posting, used for Cc and
>> Reply-to of the initial message, would solve this issue as well.
> 
> I believe the url https://lore.kernel.org/all/<message-id> will get
> the whole thread, regardless of which mailing lists individual mail
> messages were sent to, does it not?

Yes, it does.  That covers the web interface but it still leaves out 
subscribers and people reading via NNTP.

That said, I'm not sure why people who look at CVEs for a living should 
not have their own lighter-traffic mailing list, which was the main 
reason to have a linux-cve mailing list.

Paolo


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ