Your message dated Wed, 14 Dec 2016 21:04:14 +0000
with message-id <[email protected]>
and subject line Bug#845664: fixed in xen 4.4.1-9+deb8u8
has caused the Debian Bug report #845664,
regarding xen: CVE-2016-9382: x86 task switch to VM86 mode mis-handled
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
845664: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845664
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: xen
Version: 4.4.1-9
Severity: important
Tags: security upstream patch
Hi,

the following vulnerability was published for xen.

CVE-2016-9382[0]:
x86 task switch to VM86 mode mis-handled

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9382
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9382
[1] https://xenbits.xen.org/xsa/advisory-192.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: xen
Source-Version: 4.4.1-9+deb8u8
We believe that the bug you reported is fixed in the latest version of
xen, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated xen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 03 Dec 2016 12:12:53 +0100
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common
 xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64
 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf
 xen-system-armhf
Architecture: all source
Version: 4.4.1-9+deb8u8
Distribution: jessie-security
Urgency: high
Maintainer: Debian Xen Team <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 845663 845664 845665 845668 845670
Description:
 libxen-4.4 - Public libs for Xen
 libxen-dev - Public headers and libs for Xen
 libxenstore3.0 - Xenstore communications library for Xen
 xen-hypervisor-4.4-amd64 - Xen Hypervisor on AMD64
 xen-hypervisor-4.4-arm64 - Xen Hypervisor on ARM64
 xen-hypervisor-4.4-armhf - Xen Hypervisor on ARMHF
 xen-system-amd64 - Xen System on AMD64 (meta-package)
 xen-system-arm64 - Xen System on ARM64 (meta-package)
 xen-system-armhf - Xen System on ARMHF (meta-package)
 xen-utils-4.4 - XEN administrative tools
 xen-utils-common - Xen administrative tools - common files
 xenstore-utils - Xenstore command line utilities for Xen
Changes:
 xen (4.4.1-9+deb8u8) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2016-7777: CR0.TS and CR0.EM not always honored for x86 HVM guests
   * CVE-2016-9386: x86 null segments not always treated as unusable
     (Closes: #845663)
   * CVE-2016-9382: x86 task switch to VM86 mode mis-handled (Closes: #845664)
   * CVE-2016-9385: x86 segment base write emulation lacking canonical address
     checks (Closes: #845665)
   * CVE-2016-9383: x86 64-bit bit test instruction emulation broken
     (Closes: #845668)
   * CVE-2016-9379, CVE-2016-9380: delimiter injection vulnerabilities in
     pygrub (Closes: #845670)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---