Your message dated Fri, 05 Dec 2025 16:03:34 +0000
with message-id <[email protected]>
and subject line Bug#1105193: fixed in xen 4.17.5+72-g01140da4e8-1
has caused the Debian Bug report #1105193,
regarding xen: CVE-2024-28956: XSA-469: x86: Indirect Target Selection
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1105193: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105193
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: xen
Version: 4.20.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for xen.
CVE-2024-28956[0]:
| x86: Indirect Target Selection
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-28956
https://www.cve.org/CVERecord?id=CVE-2024-28956
[1] https://xenbits.xen.org/xsa/advisory-469.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: xen
Source-Version: 4.17.5+72-g01140da4e8-1
Done: Hans van Kranenburg <[email protected]>
We believe that the bug you reported is fixed in the latest version of
xen, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hans van Kranenburg <[email protected]> (supplier of updated xen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 29 Nov 2025 14:52:25 +0100
Source: xen
Architecture: source
Version: 4.17.5+72-g01140da4e8-1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Xen Team <[email protected]>
Changed-By: Hans van Kranenburg <[email protected]>
Closes: 1092495 1105193 1105222 1120075
Changes:
xen (4.17.5+72-g01140da4e8-1) bookworm-security; urgency=medium
.
  Significant changes:
  * Update to new upstream version 4.17.5+72-g01140da4e8, which also contains
    security fixes for the following issues:
    (Closes: #1105193) (Closes: #1120075)
    - deadlock potential with VT-d and legacy PCI device pass-through
      XSA-467 CVE-2025-1713
    - x86: Indirect Target Selection
      XSA-469 CVE-2024-28956
    - x86: Incorrect stubs exception handling for flags recovery
      XSA-470 CVE-2025-27465
    - x86: Transitive Scheduler Attacks
      XSA-471 CVE-2024-36350 CVE-2024-36357
    - Multiple vulnerabilities in the Viridian interface
      XSA-472 CVE-2025-27466 CVE-2025-58142 CVE-2025-58143
    - Arm issues with page refcounting
      XSA-473 CVE-2025-58144 CVE-2025-58145
    - x86: Incorrect input sanitisation in Viridian hypercalls
      XSA-475 CVE-2025-58147 CVE-2025-58148
    - Incorrect removal of permissions on PCI device unplug
      XSA-476 CVE-2025-58149
  * Note that the following XSA are not listed, because...
    - XSA-468 applies to Windows PV drivers
    - XSA-474 applies to XAPI which is not included in Debian
.
  Packaging minor fixes and improvements:
  * debian/salsa-ci.yml: adjust for new salsa-ci pipeline
.
  Additional changes for 4.17 that were not backported upstream:
  * Cherry-pick dd05d265b8 ("x86/intel: Fix PERF_GLOBAL fixup when
    virtualised") to fix a boot loop when using Xen under nested
    virtualization (Closes: #1105222)
.
xen (4.17.5+23-ga4e5191dc0-1+deb12u1) bookworm; urgency=medium
.
  * Ignore lintian error not relevant for bookworm in salsa-ci.
  * Cherry-pick e6472d4668 (tools/xg: increase LZMA_BLOCK_SIZE for
    uncompressing the kernel) to allow direct kernel boot with kernels >=
    6.12 (Closes: #1092495).
--- End Message ---