thr3ads.net - Pkg xen devel - [Pkg-xen-devel] Bug#845669: xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection mis-handled [Nov 2016]

If this information is useful, please help other people find it:
Share via:

Salvatore Bonaccorso

2016-Nov-25 18:51 UTC

[Pkg-xen-devel] Bug#845669: xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection mis-handled

Source: xen
Version: 4.8.0~rc5-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerabilities were published for xen.

CVE-2016-9377[0]:
x86 software interrupt injection mis-handled

CVE-2016-9378[1]:
x86 software interrupt injection mis-handled

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9377
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9377
[1] https://security-tracker.debian.org/tracker/CVE-2016-9378
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9378
[2] https://xenbits.xen.org/xsa/advisory-196.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Debian Bug Tracking System

2016-Nov-27 11:30 UTC

head link

[Pkg-xen-devel] Bug#845669: marked as done (xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection mis-handled)

Your message dated Sun, 27 Nov 2016 12:28:04 +0100
with message-id <20161127112804.GA25203 at shell.thinkmo.de>
and subject line Re: [Pkg-xen-devel] Bug#845663: xen: CVE-2016-9386: x86 null
segments not always treated as unusable
has caused the Debian Bug report #845663,
regarding xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection
mis-handled
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
845663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845663
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection
mis-handled
Date: Fri, 25 Nov 2016 19:51:32 +0100
Size: 4494
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161127/e79cd6a9/attachment-0002.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Bastian Blank <waldi at debian.org>
Subject: Re: [Pkg-xen-devel] Bug#845663: xen: CVE-2016-9386: x86 null segments
not always treated as unusable
Date: Sun, 27 Nov 2016 12:28:04 +0100
Size: 2232
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161127/e79cd6a9/attachment-0003.mht>

Debian Bug Tracking System

2016-Dec-22 18:51 UTC

head link

[Pkg-xen-devel] Bug#845669: marked as done (xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection mis-handled)

Your message dated Thu, 22 Dec 2016 18:49:44 +0000
with message-id <E1cK8Qy-0003nz-KV at fasolo.debian.org>
and subject line Bug#845669: fixed in xen 4.8.0-1
has caused the Debian Bug report #845669,
regarding xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection
mis-handled
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
845669: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845669
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection
mis-handled
Date: Fri, 25 Nov 2016 19:51:32 +0100
Size: 4494
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161222/3d383422/attachment-0002.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Ian Jackson <ian.jackson at eu.citrix.com>
Subject: Bug#845669: fixed in xen 4.8.0-1
Date: Thu, 22 Dec 2016 18:49:44 +0000
Size: 11301
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161222/3d383422/attachment-0003.mht>

Pkg xen devel - Nov 2016 - Bug#845669: xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection mis-handled

[Pkg-xen-devel] Bug#845669: xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection mis-handled

[Pkg-xen-devel] Bug#845669: marked as done (xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection mis-handled)

[Pkg-xen-devel] Bug#845669: marked as done (xen: CVE-2016-9377 CVE-2016-9378: x86 software interrupt injection mis-handled)