Hi, On 1/25/21 8:08 PM, Salvatore Bonaccorso wrote: > Source: xen > Version: 4.14.0+88-g1d1d1f5391-2 > Severity: important > Tags: security upstream > X-Debbugs-Cc: car...@debian.org, Debian Security Team > <t...@security.debian.org> > > Hi > > For details see https://xenbits.xen.org/xsa/advisory-360.html . > > It does not affect version in buster afaict.
Indeed. Currently upstream stable-4.11 is at commit 310ab79875, which is actually the same as our buster-security package (4.11.4+57-g41a822c392-2) because the last upload was done using the embargoed patches. Unless something really interesting suddenly happens next Tuesday, there won't be a buster security update happening together with the 10.8 point release. For unstable, I plan do do something at the end of this week, and base it on the current stable-4.14 of course with the XSA-360 thing. And, we will have reproducible builds, woohoo! Thanks, Hans