On Wed, Mar 16, 2016 at 02:27:15PM +1100, Brian May wrote: > Guido Günther <a...@sigxcpu.org> writes:> > > > Sid has Xen 4.6 and looking at the CVEs that affect sid the patches > > don't seem to be applied so the tracker looks correct, there's plenty of > > work left. > > > > Are you going to look at the Wheezy packages? > > Looking now. > > Just looking at CVE-2015-2756 - this appears to be a vulnerability in > qemu - not xen - and squeeze and wheezy are not affected. > > https://security-tracker.debian.org/tracker/CVE-2015-2756
The patches provided with the xsa seem to apply to the embedded qemu copy of xen 4.1.4 but I did not check if a HVM guest can exploit this. Cheers, -- Guido