Your message dated Fri, 03 Oct 2014 13:54:37 +0100
with message-id <[email protected]>
and subject line Re: Bug#723641: pu: package xen/4.1.4-5
has caused the Debian Bug report #723641,
regarding pu: package xen/4.1.4-5
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
723641: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723641
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: pu
There are several CVE pending for Xen, plus some embargoed ones. This
fixes all publicly ones that have fixes.
xen (4.1.4-5) UNRELEASED; urgency=high
* Fix reference counting error introduced in CVE-2013-1918.
CVE-2013-1432
* Fix buffer overflow in xencontrol Python binding.
CVE-2013-2072
* Fix information leak von XSAVE capable AMD CPUs.
CVE-2013-2076
* Fix hypervisor crash due to missing exception recovery in XRESTOR.
CVE-2013-2077
* Fix hypervisor crash due to missing exception recovery in XSETBV.
CVE-2013-2078
* Fix multiple vulnerabilities in libelf PV kernel handling.
CVE-2013-2194, CVE-2013-2195, CVE-2013-2196
* Properly set permissions on console related xenstore entries in libxl.
CVE-2013-2211
* Disallow HVM passthrough in libxl with disabled IOMMU.
CVE-2013-4329
-- Bastian Blank <[email protected]> Sun, 05 May 2013 20:51:35 +0200
Bastian
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.10-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
On 2014-08-18 23:01, Adam D. Barratt wrote:
On Wed, 2013-09-18 at 14:06 +0200, Bastian Blank wrote:
There are several CVE pending for Xen, plus some embargoed ones. This
fixes all publicly ones that have fixes.
Looking back through older requests, I spotted that this one was still
in the queue.
Assuming the changelog for 4.1.4-3+deb7u2 (from DSA 3006-1) is correct,
I think the only item from the original list not covered is:
* Fix buffer overflow in xencontrol Python binding.
CVE-2013-2072
That has now been included in DSA 3041-1, so this is all done.
Regards,
Adam
--- End Message ---
