Re: Xen security updates on Wheezy

To: Antoine Beaupré <anarcat@orangeseeds.org>
Cc: debian-lts@lists.debian.org, Debian Security Team <team@security.debian.org>, Brian May <bam@debian.org>, Guido Günther <agx@sigxcpu.org>
Subject: Re: Xen security updates on Wheezy
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Fri, 25 Mar 2016 15:48:12 +0100
Message-id: <[🔎] 20160325144812.GA4693@pisco.westfalen.local>
In-reply-to: <[🔎] 871t6z93qo.fsf@angela.anarcat.ath.cx>
References: <[🔎] 871t6z93qo.fsf@angela.anarcat.ath.cx>

On Thu, Mar 24, 2016 at 01:37:19PM -0400, Antoine Beaupré wrote:
> (Opening a new thread to clarify topic.)
> 
> Brian, I have tested the packages you have proided here:
> 
> https://people.debian.org/~bam/wheezy/xen/amd64/
> 
> They seem to hold, although I have yet to test them in production. One
> thing I noticed is that they don't seem to fix CVE-2015-8104 and
> CVE-2015-5307, ie. that the patches you posted in
> <[🔎] 87d1qvvzhi.fsf@prune.linuxpenguins.xyz> were not factored into the
> package. That would seem to be important (and maybe we could push those
> back towards the Ubuntu folks as well).
> 
> I think that, with those two patches, the Xen packages would be up to
> date in Wheezy! Security team: can we get your go for a DSA on those?
> I'd send a debdiff first of course.

Please first sort out the final set of patches and send us the debdiff.

And then please ask people for testing the built packages for production,
I can't test xen/wheezy myself, so I need additional external testing
feedback.

Cheers,
        Moritz

Reply to:

References:
- Xen security updates on Wheezy
  - From: Antoine Beaupré <anarcat@orangeseeds.org>

Prev by Date: Re: CVE-2015-7557/librsvg packages for wheezy and jessie (was: squeeze update of librsvg?)
Next by Date: Re: nss: CVE-2015-7181, CVE-2015-7182 and CVE-2015-4000 [was nss: CVE-2015-4000]
Previous by thread: Xen security updates on Wheezy
Next by thread: Re: Xen security updates on Wheezy
Index(es):
- Date
- Thread