Pkg xen devel - Jan 2021 - Bug#981052: xen: XSA-360: IRQ vector leak on x86

Source: xen
Version: 4.14.0+88-g1d1d1f5391-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at
security.debian.org>

Hi

For details see https://xenbits.xen.org/xsa/advisory-360.html . 

It does not affect version in buster afaict.

Regards,
Salvatore

Control: retitle -1 xen: CVE-2021-3308: XSA-360: IRQ vector leak on x86

On Mon, Jan 25, 2021 at 08:08:02PM +0100, Salvatore Bonaccorso
wrote:
> Source: xen
> Version: 4.14.0+88-g1d1d1f5391-2
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at
security.debian.org>
> 
> Hi
> 
> For details see https://xenbits.xen.org/xsa/advisory-360.html . 
> 
> It does not affect version in buster afaict.
This now has assigned CVE-2021-3308.

Regards,
Salvatore

Processing control commands:
> retitle -1 xen: CVE-2021-3308: XSA-360: IRQ vector leak on x86
Bug #981052 [src:xen] xen: XSA-360: IRQ vector leak on x86
Changed Bug title to 'xen: CVE-2021-3308: XSA-360: IRQ vector leak on
x86' from 'xen: XSA-360: IRQ vector leak on x86'.

-- 
981052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981052
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems

Hi,

On 1/25/21 8:08 PM, Salvatore Bonaccorso wrote:
> Source: xen
> Version: 4.14.0+88-g1d1d1f5391-2
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at
security.debian.org>
> 
> Hi
> 
> For details see https://xenbits.xen.org/xsa/advisory-360.html . 
> 
> It does not affect version in buster afaict.
Indeed. Currently upstream stable-4.11 is at commit 310ab79875, which is
actually the same as our buster-security package
(4.11.4+57-g41a822c392-2) because the last upload was done using the
embargoed patches.

Unless something really interesting suddenly happens next Tuesday, there
won't be a buster security update happening together with the 10.8 point
release.

For unstable, I plan do do something at the end of this week, and base
it on the current stable-4.14 of course with the XSA-360 thing. And, we
will have reproducible builds, woohoo!

Thanks,
Hans

Your message dated Sun, 28 Feb 2021 20:37:30 +0000
with message-id <E1lGSok-0002ro-Jv at fasolo.debian.org>
and subject line Bug#981052: fixed in xen 4.14.1+11-gb0b734a8b3-1
has caused the Debian Bug report #981052,
regarding xen: CVE-2021-3308: XSA-360: IRQ vector leak on x86
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
981052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981052
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso <carnil at debian.org>
Subject: xen: XSA-360: IRQ vector leak on x86
Date: Mon, 25 Jan 2021 20:08:02 +0100
Size: 1790
URL:
<http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20210228/193818f2/attachment.eml>
-------------- next part --------------
An embedded message was scrubbed...
From: Debian FTP Masters <ftpmaster at ftp-master.debian.org>
Subject: Bug#981052: fixed in xen 4.14.1+11-gb0b734a8b3-1
Date: Sun, 28 Feb 2021 20:37:30 +0000
Size: 7302
URL:
<http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20210228/193818f2/attachment-0001.eml>