--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: pu: package xen/4.1.4-5
- From: Bastian Blank <waldi@debian.org>
- Date: Wed, 18 Sep 2013 14:06:41 +0200
- Message-id: <20130918120641.21000.54390.reportbug@rockhammer.waldi.eu.org>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu
There are several CVE pending for Xen, plus some embargoed ones. This
fixes all publicly ones that have fixes.
xen (4.1.4-5) UNRELEASED; urgency=high
* Fix reference counting error introduced in CVE-2013-1918.
CVE-2013-1432
* Fix buffer overflow in xencontrol Python binding.
CVE-2013-2072
* Fix information leak von XSAVE capable AMD CPUs.
CVE-2013-2076
* Fix hypervisor crash due to missing exception recovery in XRESTOR.
CVE-2013-2077
* Fix hypervisor crash due to missing exception recovery in XSETBV.
CVE-2013-2078
* Fix multiple vulnerabilities in libelf PV kernel handling.
CVE-2013-2194, CVE-2013-2195, CVE-2013-2196
* Properly set permissions on console related xenstore entries in libxl.
CVE-2013-2211
* Disallow HVM passthrough in libxl with disabled IOMMU.
CVE-2013-4329
-- Bastian Blank <waldi@debian.org> Sun, 05 May 2013 20:51:35 +0200
Bastian
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.10-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
- To: 723641-done@bugs.debian.org
- Cc: Bastian Blank <waldi@debian.org>
- Subject: Re: Bug#723641: pu: package xen/4.1.4-5
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Fri, 03 Oct 2014 13:54:37 +0100
- Message-id: <b7adf76d4bdc9f7031806934e25e2ad9@mail.adsl.funky-badger.org>
- In-reply-to: <1408399283.8346.8.camel@jacala.jungle.funky-badger.org>
- References: <20130918120641.21000.54390.reportbug@rockhammer.waldi.eu.org> <1408399283.8346.8.camel@jacala.jungle.funky-badger.org>
On 2014-08-18 23:01, Adam D. Barratt wrote:
On Wed, 2013-09-18 at 14:06 +0200, Bastian Blank wrote:
There are several CVE pending for Xen, plus some embargoed ones. This
fixes all publicly ones that have fixes.
Looking back through older requests, I spotted that this one was still
in the queue.
Assuming the changelog for 4.1.4-3+deb7u2 (from DSA 3006-1) is correct,
I think the only item from the original list not covered is:
* Fix buffer overflow in xencontrol Python binding.
CVE-2013-2072
That has now been included in DSA 3041-1, so this is all done.
Regards,
Adam
--- End Message ---