Salvatore Bonaccorso
2023-Nov-26 20:14 UTC
[Pkg-xen-devel] Bug#1056928: xen: CVE-2023-46835 CVE-2023-46836
Source: xen Version: 4.17.2+55-g0b56bed864-1 Severity: important Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2023-46835[0]: | x86/AMD: mismatch in IOMMU quarantine page table levels CVE-2023-46836[1]: | x86: BTC/SRSO fixes not fully effective If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-46835 https://www.cve.org/CVERecord?id=CVE-2023-46835 https://xenbits.xen.org/xsa/advisory-445.html [1] https://security-tracker.debian.org/tracker/CVE-2023-46836 https://www.cve.org/CVERecord?id=CVE-2023-46836 https://xenbits.xen.org/xsa/advisory-446.html Regards, Salvatore
Debian Bug Tracking System
2023-Nov-29 22:27 UTC
[Pkg-xen-devel] Bug#1056928: marked as done (xen: CVE-2023-46835 CVE-2023-46836)
Your message dated Wed, 29 Nov 2023 22:24:44 +0000 with message-id <E1r8Sz6-0040Ub-Bk at fasolo.debian.org> and subject line Bug#1056928: fixed in xen 4.17.2+76-ge1f9cb16e2-1 has caused the Debian Bug report #1056928, regarding xen: CVE-2023-46835 CVE-2023-46836 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 1056928: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056928 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Salvatore Bonaccorso <carnil at debian.org> Subject: xen: CVE-2023-46835 CVE-2023-46836 Date: Sun, 26 Nov 2023 21:14:58 +0100 Size: 2344 URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20231129/dcb793f7/attachment.eml> -------------- next part -------------- An embedded message was scrubbed... From: Debian FTP Masters <ftpmaster at ftp-master.debian.org> Subject: Bug#1056928: fixed in xen 4.17.2+76-ge1f9cb16e2-1 Date: Wed, 29 Nov 2023 22:24:44 +0000 Size: 6680 URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20231129/dcb793f7/attachment-0001.eml>
Debian Bug Tracking System
2023-Dec-03 12:36 UTC
[Pkg-xen-devel] Bug#1056928: marked as done (xen: CVE-2023-46835 CVE-2023-46836)
Your message dated Sun, 03 Dec 2023 12:32:14 +0000 with message-id <E1r9ldu-007Mor-B3 at fasolo.debian.org> and subject line Bug#1056928: fixed in xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 has caused the Debian Bug report #1056928, regarding xen: CVE-2023-46835 CVE-2023-46836 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 1056928: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056928 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Salvatore Bonaccorso <carnil at debian.org> Subject: xen: CVE-2023-46835 CVE-2023-46836 Date: Sun, 26 Nov 2023 21:14:58 +0100 Size: 2344 URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20231203/4fa7acc1/attachment.eml> -------------- next part -------------- An embedded message was scrubbed... From: Debian FTP Masters <ftpmaster at ftp-master.debian.org> Subject: Bug#1056928: fixed in xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 Date: Sun, 03 Dec 2023 12:32:14 +0000 Size: 8202 URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20231203/4fa7acc1/attachment-0001.eml>
Possibly Parallel Threads
- Bug#1033297: xen: CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334
- Bug#1029830: xen: CVE-2022-42330
- Bug#1031567: xen: CVE-2022-27672: XSA-426: x86: Cross-Thread Return Address Predictions
- xen 4.17.2+76-ge1f9cb16e2-1 MIGRATED to testing
- Fix build error with GCC 10 due to multiple definition of `toplevel'