thr3ads.net - Pkg xen devel - [Pkg-xen-devel] xen_4.17.5+23-ga4e5191dc0-2_source.changes ACCEPTED into proposed-updates->stable-new [Feb 2025]

If this information is useful, please help other people find it:
Share via:

Debian FTP Masters

2025-Feb-09 21:46 UTC

[Pkg-xen-devel] xen_4.17.5+23-ga4e5191dc0-2_source.changes ACCEPTED into proposed-updates->stable-new

Thank you for your contribution to Debian.

Mapping bookworm to stable.
Mapping stable to proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 26 Jan 2025 22:42:25 +0100
Source: xen
Architecture: source
Version: 4.17.5+23-ga4e5191dc0-2
Distribution: bookworm
Urgency: medium
Maintainer: Debian Xen Team <pkg-xen-devel at lists.alioth.debian.org>
Changed-By: Maximilian Engelhardt <maxi at daemonizer.de>
Closes: 1092495
Changes:
 xen (4.17.5+23-ga4e5191dc0-2) bookworm; urgency=medium
 .
   * Ignore lintian error not relevant for bookworm in salsa-ci.
   * Cherry-pick e6472d4668 (tools/xg: increase LZMA_BLOCK_SIZE for
     uncompressing the kernel) to allow direct kernel boot with kernels >    
6.12 (Closes: #1092495).
 .
 xen (4.17.5+23-ga4e5191dc0-1) bookworm-security; urgency=medium
 .
   * Update to new upstream version 4.17.5+23-ga4e5191dc0, which also contains
     security fixes for the following issues:
     - x86: shadow stack vs exceptions from emulation stubs
       XSA-451 CVE-2023-46841
     - x86: Register File Data Sampling
       XSA-452 CVE-2023-28746
     - GhostRace: Speculative Race Conditions
       XSA-453 CVE-2024-2193
     - x86 HVM hypercalls may trigger Xen bug check
       XSA-454 CVE-2023-46842
     - x86: Incorrect logic for BTC/SRSO mitigations
       XSA-455 CVE-2024-31142
     - x86: Native Branch History Injection
       XSA-456 CVE-2024-2201
     - double unlock in x86 guest IRQ handling
       XSA-458 CVE-2024-31143
     - error handling in x86 IOMMU identity mapping
       XSA-460 CVE-2024-31145
     - PCI device pass-through with shared resources
       XSA-461 CVE-2024-31146
     - x86: Deadlock in vlapic_error()
       XSA-462 CVE-2024-45817
     - Deadlock in x86 HVM standard VGA handling
       XSA-463 CVE-2024-45818
     - libxl leaks data to PVH guests via ACPI tables
       XSA-464 CVE-2024-45819
   * Note that the following XSA are not listed, because...
     - XSA-457 and XSA-465 have patches for the Linux kernel.
     - XSA-459 is within Xapi which is not shipped by this package.
     - XSA-466 contains a documentation update that was only applied to the
       current development version of Xen
Checksums-Sha1:
 e4d25ea566872f72aca1bfbf2ae124ee6c574e96 4482 xen_4.17.5+23-ga4e5191dc0-2.dsc
 5fe060e23292ec07b38b43381ce1fe44f2c9b66e 138324
xen_4.17.5+23-ga4e5191dc0-2.debian.tar.xz
Checksums-Sha256:
 5bf71d289371635f25baebc2a5dacc649dba7ceae3e77ae63dff9c9e04c67936 4482
xen_4.17.5+23-ga4e5191dc0-2.dsc
 9efdb9a4490cc1eb838158b03ef9a9af7dc910e654e66622032bb08e7a847126 138324
xen_4.17.5+23-ga4e5191dc0-2.debian.tar.xz
Files:
 f5f80c2dc92797dd23ddc0876ca35652 4482 admin optional
xen_4.17.5+23-ga4e5191dc0-2.dsc
 863a7f76f2d030b7a3d1682dffbb6246 138324 admin optional
xen_4.17.5+23-ga4e5191dc0-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEESWyddwNaG9637koYssHfcmNhX2wFAmepG2UACgkQssHfcmNh
X2wGRQ//YWyn5Xp4neicQicYi9HY5d1yl/MnmC86w4/IqKxp5RrLfUYIFLOicRqE
b6QxCstoiU68mBTmNZi532ETXz3NQ62oGTCOnud2XoljeNU5EWMbX+7RYVMDm3aF
Lp7iRQBNi5zbhYr7IdIA8Gtv0lnmHm1e1sI7hgF6u9ZnEk6tyldBGDnJCa5Tl1KB
qe6m02SmxNeIjGQ77sZZereT+w6NKkzQj/UCWQLixDGtrYci1Xw0NoWWM1jhW4Hx
0xowNFhA9ZPCKoZONjE/cgvdL9fSfVpjP3TmbafRVzgxFieQMd256RCgVnBIrns9
7S3dMlI9o3scf6+nZ0KwB0LLrekX0X9I73QJQIwhpDkLFz32bVfZ4J7kAhV0Q4Xh
YW5QCcXAGeBHRivjcgV4+0xIRn7/l8+7wdaPBLTB4r681rwj5xzxLOIKitRBABbe
s0huaIxsiQpRmRe2AsGHUIa2YQpOq7HTC90ynDUhX2CC31wmK40lqT9mH08ymIkp
Xcft3X74Jg2PmZPuTCUyeyQFk2vih3Psilnm4mkeTbE0RV26Kvzv/GFDmwk1jhqv
+vdf5Hi36ul3caQrnMhqCPnmFdUpCJOmt8XJ7b0ALuqMluRquL8m9k64uXnw48lF
CYssPgHIFu/NL9iuR5keUwLZiUvTUBGsWhtiA1Ak4e0WllgKzWc=MEVy
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL:
<http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20250209/2f375265/attachment.sig>

Maybe Matching Threads

Search for more apparently analagous threads

Pkg xen devel - Feb 2025 - xen_4.17.5+23-ga4e5191dc0-2_source.changes ACCEPTED into proposed-updates->stable-new

[Pkg-xen-devel] xen_4.17.5+23-ga4e5191dc0-2_source.changes ACCEPTED into proposed-updates->stable-new

Maybe Matching Threads