[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Xen 4.1.6.1 backport + Ubuntu patches ready for testing (take 3)



On 2016-05-16 19:13:28, Brian May wrote:
> Brian May <bam@debian.org> writes:
>
>> Any objections by anybody if I upload Antoine Beaupré's packages to
>> Debian, this Monday morning at Melbourne timezone?
>
> Done.
>
> Next step, the DLA. I went through the changelog and remove entries that
> are already marked as fixed in the security tracker. I think we need to
> mark the following as fixed, does this list look correct and complete?
>
>     * CVE-2015-2752: xsa125-4.2.patch
>     * CVE-2015-2756: xsa126-qemut.patch
>     * CVE-2015-5165: xsa140-backport.patch (no-dsa)
>     * CVE-2015-5307: xsa156-4.2.patch
>     * CVE-2015-7969: xsa149.patch
>     * CVE-2015-7969: xsa151.patch
>     * CVE-2015-7970: xsa150-4.1.patch (no-dsa)
>     * CVE-2015-7971: xsa152-4.5.patch
>     * CVE-2015-7972: xsa153-libxl-4.2.patch (no-dsa, xl)
>     * CVE-2015-8104: xsa156-4.2.patch
>     * CVE-2015-8339: xsa159.patch
>     * CVE-2015-8340: xsa159.patch
>     * CVE-2015-8550: xsa155-qemut-qdisk-double-access.patch
>     * CVE-2015-8550: xsa155-qemut-xenfb.patch
>     * CVE-2015-8550: xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch
>     * CVE-2015-8550: xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch
>     * CVE-2015-8554: xsa164.patch
>     * CVE-2015-8555: xsa165-4.1.patch
>     * CVE-2015-8615: xsa169.patch
>     * CVE-2016-1570: xsa167-4.4.patch
>     * CVE-2016-1571: xsa168.patch
>     * CVE-2016-2270: xsa154-4.1.patch
>     * CVE-2016-2271: xsa170-4.3.patch

It's hard to tell without redoing the exact same process you did
yourself. :p

I would say just go ahead, and we'll need to do a similar sweep in
data/CVE/list later as well.

I'll mark this on my TODO and will do so tomorrow if no one else steps
up.

A.
-- 
Religion is like a blind man looking in a black room for a black cat
that isn't there, and finding it.
                         - Oscar Wilde


Reply to: