Pkg xen devel - Nov 2016 - Bug#845667: xen: CVE-2016-9384: guest 32-bit ELF symbol table load leaking host data

Source: xen
Version: 4.8.0~rc5-1
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for xen.

CVE-2016-9384[0]:
guest 32-bit ELF symbol table load leaking host data

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-9384
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9384
[1] https://xenbits.xen.org/xsa/advisory-194.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Your message dated Sun, 27 Nov 2016 12:28:04 +0100
with message-id <20161127112804.GA25203 at shell.thinkmo.de>
and subject line Re: [Pkg-xen-devel] Bug#845663: xen: CVE-2016-9386: x86 null
segments not always treated as unusable
has caused the Debian Bug report #845663,
regarding xen: CVE-2016-9384: guest 32-bit ELF symbol table load leaking host
data
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
845663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845663
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: CVE-2016-9384: guest 32-bit ELF symbol table load leaking host
data
Date: Fri, 25 Nov 2016 19:44:00 +0100
Size: 2229
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161127/be5142e9/attachment.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Bastian Blank <waldi at debian.org>
Subject: Re: [Pkg-xen-devel] Bug#845663: xen: CVE-2016-9386: x86 null segments
not always treated as unusable
Date: Sun, 27 Nov 2016 12:28:04 +0100
Size: 2232
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161127/be5142e9/attachment-0001.mht>

Your message dated Thu, 22 Dec 2016 18:49:44 +0000
with message-id <E1cK8Qy-0003nt-JZ at fasolo.debian.org>
and subject line Bug#845667: fixed in xen 4.8.0-1
has caused the Debian Bug report #845667,
regarding xen: CVE-2016-9384: guest 32-bit ELF symbol table load leaking host
data
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
845667: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845667
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: CVE-2016-9384: guest 32-bit ELF symbol table load leaking host
data
Date: Fri, 25 Nov 2016 19:44:00 +0100
Size: 2229
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161222/aa086580/attachment.mht>
-------------- next part --------------
An embedded message was scrubbed...
From: Ian Jackson <ian.jackson at eu.citrix.com>
Subject: Bug#845667: fixed in xen 4.8.0-1
Date: Thu, 22 Dec 2016 18:49:44 +0000
Size: 11301
URL:
<http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20161222/aa086580/attachment-0001.mht>