Xen security updates on Wheezy

To: debian-lts@lists.debian.org, Debian Security Team <team@security.debian.org>
Cc: Brian May <bam@debian.org>, Moritz Muehlenhoff <jmm@debian.org>, Guido Günther <agx@sigxcpu.org>
Subject: Xen security updates on Wheezy
From: Antoine Beaupré <anarcat@orangeseeds.org>
Date: Thu, 24 Mar 2016 13:37:19 -0400
Message-id: <[🔎] 871t6z93qo.fsf@angela.anarcat.ath.cx>

(Opening a new thread to clarify topic.)

Brian, I have tested the packages you have proided here:

https://people.debian.org/~bam/wheezy/xen/amd64/

They seem to hold, although I have yet to test them in production. One
thing I noticed is that they don't seem to fix CVE-2015-8104 and
CVE-2015-5307, ie. that the patches you posted in
<[🔎] 87d1qvvzhi.fsf@prune.linuxpenguins.xyz> were not factored into the
package. That would seem to be important (and maybe we could push those
back towards the Ubuntu folks as well).

I think that, with those two patches, the Xen packages would be up to
date in Wheezy! Security team: can we get your go for a DSA on those?
I'd send a debdiff first of course.

Brian: should I go ahead and build that myself or do you want to
followup on Xen yourself?

A.
-- 
Uncompromising war resistance and refusal to do military service under
any circumstances.
                       - Albert Einstein

Reply to:

Follow-Ups:
- Re: Xen security updates on Wheezy
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: Xen security updates on Wheezy
  - From: Brian May <bam@debian.org>

Prev by Date: Re: working for wheezy-security until wheezy-lts starts
Next by Date: Re: Archive of squeeze-lts ?
Previous by thread: Re: Bug#818843: debian-security-support: new earlyend type, consider future end of support
Next by thread: Re: Xen security updates on Wheezy
Index(es):
- Date
- Thread