Ian Jackson
2017-May-04 16:06 UTC
[Pkg-xen-devel] Xen package security updates for jessie 4.4, XSA-213, XSA-214
Ian Jackson writes ("64bit PV guest breakout [XSA-213]"):> Source: xen > Version: 4.4.1-9 > Severity: important > Tags: security upstream fixed-upstream > > See > https://xenbits.xen.org/xsa/advisory-213.htmlIan Jackson writes ("grant transfer allows PV guest to elevate privileges [XSA-214]"):> Source: xen > Version: 4.4.1-9 > Severity: important > Tags: security upstream fixed-upstream > > See > https://xenbits.xen.org/xsa/advisory-214.htmlI have fixed these in stretch but the jessie package remains unfixed. I think I may be able to find some backports somewhere. Would that be useful ? Is anyone else working on this ? Ian.
Moritz Muehlenhoff
2017-May-04 16:51 UTC
[Pkg-xen-devel] Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson wrote:> Ian Jackson writes ("64bit PV guest breakout [XSA-213]"): > > Source: xen > > Version: 4.4.1-9 > > Severity: important > > Tags: security upstream fixed-upstream > > > > See > > https://xenbits.xen.org/xsa/advisory-213.html > > Ian Jackson writes ("grant transfer allows PV guest to elevate privileges [XSA-214]"): > > Source: xen > > Version: 4.4.1-9 > > Severity: important > > Tags: security upstream fixed-upstream > > > > See > > https://xenbits.xen.org/xsa/advisory-214.html > > I have fixed these in stretch but the jessie package remains unfixed. > I think I may be able to find some backports somewhere. Would that be > useful ? Is anyone else working on this ?Yes, please! Cheers, Moritz
Ian Jackson
2017-May-04 16:59 UTC
[Pkg-xen-devel] Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"):> On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson wrote: > > I have fixed these in stretch but the jessie package remains unfixed. > > I think I may be able to find some backports somewhere. Would that be > > useful ? Is anyone else working on this ? > > Yes, please!Working on it now. What shall I do with my resulting package ? Should I put jessie-security in the debian/changelog and dgit push it (ie, from many people's pov, dput it) ? Ian.