Bug#723641: marked as done (pu: package xen/4.1.4-5)



Your message dated Fri, 03 Oct 2014 13:54:37 +0100
with message-id <b7adf76d4bdc9f7031806934e25e2ad9@mail.adsl.funky-badger.org>
and subject line Re: Bug#723641: pu: package xen/4.1.4-5
has caused the Debian Bug report #723641,
regarding pu: package xen/4.1.4-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
723641: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723641
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

There are several CVEs pending for Xen, plus some embargoed ones.  This
fixes all public ones that have fixes.

xen (4.1.4-5) UNRELEASED; urgency=high

  * Fix reference counting error introduced in CVE-2013-1918.
    CVE-2013-1432
  * Fix buffer overflow in xencontrol Python binding.
    CVE-2013-2072
  * Fix information leak on XSAVE capable AMD CPUs.
    CVE-2013-2076
  * Fix hypervisor crash due to missing exception recovery in XRESTOR.
    CVE-2013-2077
  * Fix hypervisor crash due to missing exception recovery in XSETBV.
    CVE-2013-2078
  * Fix multiple vulnerabilities in libelf PV kernel handling.
    CVE-2013-2194, CVE-2013-2195, CVE-2013-2196
  * Properly set permissions on console related xenstore entries in libxl.
    CVE-2013-2211
  * Disallow HVM passthrough in libxl with disabled IOMMU.
    CVE-2013-4329

 -- Bastian Blank <waldi@debian.org>  Sun, 05 May 2013 20:51:35 +0200

Bastian

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message ---
On 2014-08-18 23:01, Adam D. Barratt wrote:
> On Wed, 2013-09-18 at 14:06 +0200, Bastian Blank wrote:
> > There are several CVEs pending for Xen, plus some embargoed ones.  This
> > fixes all public ones that have fixes.
>
> Looking back through older requests, I spotted that this one was still
> in the queue.
>
> Assuming the changelog for 4.1.4-3+deb7u2 (from DSA 3006-1) is correct,
> I think the only item from the original list not covered is:
>
>   * Fix buffer overflow in xencontrol Python binding.
>     CVE-2013-2072

That has now been included in DSA 3041-1, so this is all done.

Regards,

Adam

--- End Message ---