Luís Infante da Câmara
2022-Jul-05 15:56 UTC
[Pkg-xen-devel] Bug#1014414: xen: New unreleased upstream fixes for 6 vulnerabilities in testing/unstable
Source: xen Version: 4.16.1-1 Severity: critical Tags: security upstream Justification: root security hole X-Debbugs-Cc: Debian Security Team <team at security.debian.org> Dear Maintainer, The upstream stable branch (stable-4.16 in https://xenbits.xen.org/gitweb/?p=xen.git;a=summary) contains fixes for CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-26362, CVE-2022-26363 and CVE-2022-26364, that are not in any Xen release. An upstream tarball and patched source and binary packages for Ubuntu 22.04 are available in my PPA: https://launchpad.net/~luis220413/+archive/ubuntu/security-updates Kind regards, Lu?s Infante da C?mara
Luís Infante da Câmara
2022-Jul-16 07:00 UTC
[Pkg-xen-devel] Bug#1014414: 3 more vulnerabilities
3 more vulnerabilities (CVE-2022-23816, CVE-2022-23825 and CVE-2022-29900) were found in Xen that are unpatched in testing/unstable. Patches for Ubuntu 22.04 and 22.10 are available in the Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1978891 Patched packages for these Ubuntu releases are available in my PPA: https://launchpad.net/~luis220413/+archive/ubuntu/security-updates/+packages Kind regards, Lu?s Infante da C?mara
Luís Infante da Câmara
2022-Aug-27 16:05 UTC
[Pkg-xen-devel] Bug#1014414: Fixed in version 4.16.2-1
Source: xen Source-Version: 4.16.2-1 Done: Lu?s Infante da C?mara <luis.infante.da.camara at tecnico.ulisboa.pt> Fixed in Debian unstable and Ubuntu Kinetic in version 4.16.2-1.
Debian Bug Tracking System
2022-Aug-28 11:12 UTC
[Pkg-xen-devel] Bug#1014414: marked as done (xen: New unreleased upstream fixes for 6 vulnerabilities in testing/unstable)
Your message dated Sun, 28 Aug 2022 12:59:52 +0200 with message-id <2976148.Z1ClUSbBXi at prancing-pony> and subject line Re: Fixed in version 4.16.2-1 has caused the Debian Bug report #1014414, regarding xen: New unreleased upstream fixes for 6 vulnerabilities in testing/unstable to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 1014414: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014414 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: =?UTF-8?Q?Lu=c3=ads_Infante_da_C=c3=a2mara? <luis.infante.da.camara at tecnico.ulisboa.pt> Subject: xen: New unreleased upstream fixes for 6 vulnerabilities in testing/unstable Date: Tue, 5 Jul 2022 16:56:03 +0100 Size: 3646 URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20220828/87cee793/attachment.eml> -------------- next part -------------- An embedded message was scrubbed... From: Diederik de Haas <didi.debian at cknow.org> Subject: Re: Fixed in version 4.16.2-1 Date: Sun, 28 Aug 2022 12:59:52 +0200 Size: 3114 URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20220828/87cee793/attachment-0001.eml>