[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Xen security updates on Wheezy

On Thu, Mar 24, 2016 at 01:37:19PM -0400, Antoine Beaupré wrote:
> (Opening a new thread to clarify topic.)
> Brian, I have tested the packages you have proided here:
> https://people.debian.org/~bam/wheezy/xen/amd64/
> They seem to hold, although I have yet to test them in production. One
> thing I noticed is that they don't seem to fix CVE-2015-8104 and
> CVE-2015-5307, ie. that the patches you posted in
> <[🔎] 87d1qvvzhi.fsf@prune.linuxpenguins.xyz> were not factored into the
> package. That would seem to be important (and maybe we could push those
> back towards the Ubuntu folks as well).
> I think that, with those two patches, the Xen packages would be up to
> date in Wheezy! Security team: can we get your go for a DSA on those?
> I'd send a debdiff first of course.

Please first sort out the final set of patches and send us the debdiff.

And then please ask people for testing the built packages for production,
I can't test xen/wheezy myself, so I need additional external testing


Reply to: