Xen 4.17 LTS

To: Debian LTS <debian-lts@lists.debian.org>, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>, team@security.debian.org
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Subject: Xen 4.17 LTS
From: Santiago Ruano Rincón <santiagorr@riseup.net>
Date: Tue, 29 Apr 2025 23:56:51 -0300
Message-id: <[🔎] aBGRc01TyKrBMrqk@voleno>

Hello all,

(And sorry, I realise now that I should had put the security team and
Xen maintainers more in the loop at some point.)

This is something that we had tried to do for Xen 4.14
(https://bugs.debian.org/1053246), but we failed to find an external
party able to help.
The full announcement can be found at
https://www.freexian.com/blog/xen-4.17-lts/, and for completeness, you
can have the main part of it here below:


Freexian is pleased to announce a partnership with Invisible Things Lab
(https://invisiblethingslab.com/) to extend the security support of the
Xen type-1 hypervisor version 4.17. Three years after its initial
release, Xen 4.17, the version available in Debian 12 "bookworm", will
reach end-of-security-support status upstream on December 2025
(https://xenbits.xen.org/docs/unstable/support-matrix.html). The aim of
our partnership with Invisible Things is to extend the security support
until, at least, July 2027. We may also explore a possibility of
extending the support until June 2028, to coincide with the end of
Debian 12 LTS support-period.

The security support of Xen in Debian, since Debian 8 "jessie" until
Debian 11 "bullseye", reached its end before the end of the life cycle
of the release. We aim then to significantly improve the situation of
Xen in Debian 12. As with similar efforts, we would like to mention that
this is an experiment and that we will do our best to make it a success.
We are aiming to try and to extend the security support for Xen versions
included in future Debian releases, including Debian 13 "trixie".

In the long term, we hope that this effort will ultimately allow the Xen
Project to increase the official security support period for Xen
releases from the current three years to at least five years, with the
extra work being funded by the community of companies benefiting from
the longer support period.


This initiative has been made possible thanks to the current LTS
sponsors and ELTS customers. We hope the entire community of Debian and
Xen users will benefit from this initiative.


For the Debian LTS team,

 -- Santiago

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Xen 4.17 LTS
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: libsoup2.4 open security issues in sid
Next by Date: pushing glibc 2.31-13+deb11u12 to salsa
Previous by thread: libsoup2.4 open security issues in sid
Next by thread: Re: Xen 4.17 LTS
Index(es):
- Date
- Thread