Pkg xen devel - Sep 2017 - Updated Xen packages for XSA 216..225

(*Really* switching to my personal address not because I'm not doing
work for Citrix, but because the corporate email is not working
properly.  Sigh.  Also, email updated a bit.)

Ian Jackson writes ("Re: Updated Xen packages for XSA
216..225"):
> Ian Jackson writes ("Re: Updated Xen packages for XSA 216..225"):
> > Hi.  I was away and am now back.  There are a lot of outstanding
> > advisories.  I will try to prepare packages for stretch and jessie
> > this week.
> 
> In fact sid's xen package has not yet advanced beyond stretch, so the
> stretch and sid updates are just different builds of the same source.
I have uploaded the un-embargoed updates to jessie-security and
stretch-security.
> To retain version number sanity I will upload to sid first and then
> rebuild with a new changelog entry for stretch.
sid's xen.dsc doesn't built with sid's gcc.  I will file a bug about
this.  So I have done an binaryful upload to stretch-security now.

Also, I have access via my Xen Project Security Team hat to the
patches for the predisclosed advisories 231..234 and since Debian is
also on the Xen Project predisclosure list I think it is proper for me
with my Debian hat to start work on the packages for those.  The
release date is 2017-09-12 12:00.  See https://xenbits.xen.org/xsa/

Regards,
Ian.

-- 
Ian Jackson <ijackson at chiark.greenend.org.uk>   These opinions are my
own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

On Thu, Sep 07, 2017 at 07:29:58PM +0100, Ian Jackson
wrote:
> (*Really* switching to my personal address not because I'm not doing
> work for Citrix, but because the corporate email is not working
> properly.  Sigh.  Also, email updated a bit.)
Sorry for the late reply. The updates look fine and I've written
up an advisory text.

I don't use Xen myself and don't have a test setup. Have these
been tested on a jessie/stretch system already or shall we pass
these to users who've volunteered for tests in the past?

Cheers,
        Moritz

Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA
216..225"):
> Sorry for the late reply. The updates look fine and I've written
> up an advisory text.
> 
> I don't use Xen myself and don't have a test setup. Have these
> been tested on a jessie/stretch system already or shall we pass
> these to users who've volunteered for tests in the past?
I've tested them.  At least, I have installed the packages and checked
that my guests are still up.

There are another bunch of updates due at 12:00 UTC today.  I will
try to have those ready today, ASAP.

Ian.