CVE-2010-2070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2070): arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and "turn on BE by modifying the user mask of the PSR," as demonstrated via exploitation of CVE-2006-0742. Please check if our latest xen-sources is still affected by this. A possible patch might be http://xenbits.xensource.com/hg/xen-4.0-testing.hg/rev/42caadb14edb . If possible, please add that patch to our latest 2.6.18 kernel. However, my take is that we probably don't want to do that as xen-sources is obsolete nowadays anyways and Xen-4 should be used with the mainline kernels. What are your plans regarding the deprecation and removal of xen-sources?
You are on track re not wanting to do so, or that it is not warranted. It is ia64, and xen is only keyworded for x86 and amd64. The preference in xen herd is indeed to depracate the xen kernels soon
Oh ok, I didn't check if it was keyworded on ia64 or not. Thanks for the explanation, this can be closed.