thr3ads.net - Pkg xen devel - [Pkg-xen-devel] Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214 [May 2017]

If this information is useful, please help other people find it:
Share via:

Ian Jackson

2017-May-04 16:06 UTC

[Pkg-xen-devel] Xen package security updates for jessie 4.4, XSA-213, XSA-214

Ian Jackson writes ("64bit PV guest breakout
[XSA-213]"):> Source: xen
> Version: 4.4.1-9
> Severity: important
> Tags: security upstream fixed-upstream
> 
> See
>   https://xenbits.xen.org/xsa/advisory-213.html
Ian Jackson writes ("grant transfer allows PV guest to elevate privileges
[XSA-214]"):> Source: xen
> Version: 4.4.1-9
> Severity: important
> Tags: security upstream fixed-upstream
> 
> See
>   https://xenbits.xen.org/xsa/advisory-214.html
I have fixed these in stretch but the jessie package remains unfixed.
I think I may be able to find some backports somewhere.  Would that be
useful ?  Is anyone else working on this ?

Ian.

Moritz Muehlenhoff

2017-May-04 16:51 UTC

head link

[Pkg-xen-devel] Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214

On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson
wrote:> Ian Jackson writes ("64bit PV guest breakout [XSA-213]"):
> > Source: xen
> > Version: 4.4.1-9
> > Severity: important
> > Tags: security upstream fixed-upstream
> > 
> > See
> >   https://xenbits.xen.org/xsa/advisory-213.html
> 
> Ian Jackson writes ("grant transfer allows PV guest to elevate
privileges [XSA-214]"):
> > Source: xen
> > Version: 4.4.1-9
> > Severity: important
> > Tags: security upstream fixed-upstream
> > 
> > See
> >   https://xenbits.xen.org/xsa/advisory-214.html
> 
> I have fixed these in stretch but the jessie package remains unfixed.
> I think I may be able to find some backports somewhere.  Would that be
> useful ?  Is anyone else working on this ?
Yes, please!

Cheers,
        Moritz

Ian Jackson

2017-May-04 16:59 UTC

head link

[Pkg-xen-devel] Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214

Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie
4.4, XSA-213, XSA-214"):> On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson wrote:
> > I have fixed these in stretch but the jessie package remains unfixed.
> > I think I may be able to find some backports somewhere.  Would that be
> > useful ?  Is anyone else working on this ?
> 
> Yes, please!
Working on it now.  What shall I do with my resulting package ?

Should I put jessie-security in the debian/changelog and dgit push it
(ie, from many people's pov, dput it) ?

Ian.

Reasonably Related Threads

Search for more apparently analagous threads

Pkg xen devel - May 2017 - Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214

[Pkg-xen-devel] Xen package security updates for jessie 4.4, XSA-213, XSA-214

[Pkg-xen-devel] Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214

[Pkg-xen-devel] Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214

Reasonably Related Threads