search for: bonaccorso

Salvatore Bonaccorso writes ("Re: Updated Xen packages for XSA 216..225"): > On Tue, Jul 11, 2017 at 11:34:38PM +0200, Moritz Muehlenhoff wrote: > > On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote: > > > Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225&qu...

Source: xen Version: 4.8.1~pre.2017.01.23-1 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for xen. CVE-2017-7228[0]: | An issue (known as XSA-212) was discovered in Xen, with fixes available | for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix | introduced an insufficient check on XENMEM_exchange input,

Source: xen Version: 4.4.1-9 Severity: normal Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for xen. CVE-2015-3340[0]: | Xen 4.2.x through 4.5.x does not initialize certain fields, which | allows certain remote service domains to obtain sensitive information | from memory via a (1) XEN_DOMCTL_gettscinfo or (2) | XEN_SYSCTL_getdomaininfolist request.

...fixed this with a patch from Dominik Mierzejewski: https://src.fedoraproject.org/rpms/tftp/c/5e2aa55b6802a52ef480d688b3ae4751220f20e0.patch Attaching the corresponding patch for git am. Regards, Salvatore >From 9e7641bf58df9dda3bc51f381f371fa7cbce47af Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso <carnil at debian.org> Date: Tue, 16 Jun 2020 14:06:14 +0200 Subject: [PATCH] Fix build error with GCC 10 due to multiple definition of `toplevel' GCC is stricter in handling of symbol clashes and throws: gcc-10 tftp.o main.o ../common/libcommon.a /build/tftp-hpa/lib/libxtra.a -o t...

...0e0.patch Attaching the corresponding patch for git am. I'm sending the patch which was submitted a while ago to the list. Is there something you wanted to be changed to be applied? Regards, Salvatore >From 9e7641bf58df9dda3bc51f381f371fa7cbce47af Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso <carnil at debian.org> Date: Tue, 16 Jun 2020 14:06:14 +0200 Subject: [PATCH] Fix build error with GCC 10 due to multiple definition of `toplevel' GCC is stricter in handling of symbol clashes and throws: gcc-10 tftp.o main.o ../common/libcommon.a /build/tftp-hpa/lib/libxtra.a -o t...

On Sun, Jan 29, 2023 at 10:36:31PM +0100, Computer Enthusiastic wrote: > Hello Greg, > Hello Salvatore, > > On 28/01/2023 20:49, Salvatore Bonaccorso wrote: > > Hi Greg, > > > > I'm not the reporter, so would like to confirm him explicitly, but I > > believe I can give some context: > > > > On Sat, Jan 28, 2023 at 06:51:08PM +0100, Greg KH wrote: > > > On Sat, Jan 28, 2023 at 03:49:59PM +0100, C...

Source: xen Version: 4.17.0+46-gaaf74a532c-1 Severity: grave Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2022-42331[0]: | x86: speculative vulnerability in 32bit SYSCALL path Due to an | oversight in the very original Spectre/Meltdown security work | (XSA-254),

On Sun, Nov 15, 2020 at 6:43 PM Salvatore Bonaccorso <carnil at debian.org> wrote: > > Hi, > > On Fri, Aug 28, 2020 at 11:28:46AM +0200, Frantisek Hrbata wrote: > > Unprivileged user can crash kernel by using DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC > > ioctl. This was reported by trinity[1] fuzzer. > > > > [ 71.073...

On Sat, May 02, 2015 at 07:04:34AM +0200, Salvatore Bonaccorso wrote: > the following vulnerability was published for xen. I consider this issue as unimportant. Not sure how I can mark it this way in the security tracker. Bastian -- Knowledge, sir, should be free to all! -- Harry Mudd, "I, Mudd", stardate 4513.3

On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote: > Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > > Sorry for the late reply, was on vacation for a week. What's the status > > of jessie? Most of the XSAs seem to affect oldstable as well. > > Sorry, I forgot about them... > > I will see what I can do. Did you look

On Mon, Aug 07, 2017 at 01:15:56PM +0200, Moritz Muehlenhoff wrote: > On Mon, Jul 17, 2017 at 03:58:20PM +0100, Ian Jackson wrote: > > Salvatore Bonaccorso writes ("Re: Updated Xen packages for XSA 216..225"): > > > On Tue, Jul 11, 2017 at 11:34:38PM +0200, Moritz Muehlenhoff wrote: > > > > On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote: > > > > > Moritz M?hlenhoff writes ("Re: Updated Xe...

...-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture: all source Version: 4.4.1-9+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Xen Team <pkg-xen-devel at lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil at debian.org> Description: libxen-4.4 - Public libs for Xen libxen-dev - Public headers and libs for Xen libxenstore3.0 - Xenstore communications library for Xen xen-hypervisor-4.4-amd64 - Xen Hypervisor on AMD64 xen-hypervisor-4.4-arm64 - Xen Hypervisor on ARM64 xen-hyperviso...

Source: xen Version: 4.4.1-9 Severity: normal Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for xen. CVE-2015-6654[0]: | The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, | 4.4.x, and earlier does not limit the number of printk console | messages when reporting a failure to retrieve a reference on a foreign | page, which allows

...-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture: all source Version: 4.4.1-9+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Xen Team <pkg-xen-devel at lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil at debian.org> Description: libxen-4.4 - Public libs for Xen libxen-dev - Public headers and libs for Xen libxenstore3.0 - Xenstore communications library for Xen xen-hypervisor-4.4-amd64 - Xen Hypervisor on AMD64 xen-hypervisor-4.4-arm64 - Xen Hypervisor on ARM64 xen-hyperviso...

...-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture: all source Version: 4.4.1-9+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian Xen Team <pkg-xen-devel at lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil at debian.org> Description: libxen-4.4 - Public libs for Xen libxen-dev - Public headers and libs for Xen libxenstore3.0 - Xenstore communications library for Xen xen-hypervisor-4.4-amd64 - Xen Hypervisor on AMD64 xen-hypervisor-4.4-arm64 - Xen Hypervisor on ARM64 xen-hyperviso...

...-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture: all source Version: 4.4.1-9+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian Xen Team <pkg-xen-devel at lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil at debian.org> Description: libxen-4.4 - Public libs for Xen libxen-dev - Public headers and libs for Xen libxenstore3.0 - Xenstore communications library for Xen xen-hypervisor-4.4-amd64 - Xen Hypervisor on AMD64 xen-hypervisor-4.4-arm64 - Xen Hypervisor on ARM64 xen-hyperviso...

Source: xen Version: 4.3.0-1 Severity: serious Justification: FTBFS Hi New uploaded xen 4.3.0-1 FTBFS, see [1] for build log for i386. [1] https://buildd.debian.org/status/fetch.php?pkg=xen&arch=i386&ver=4.3.0-1&stamp=1378426577 Regards, Salvatore

Source: xen Version: 4.2.2-1 Severity: important User: debian-perl at lists.debian.org Usertags: perl-5.18-transition This package FTBFS with perl 5.18 (which will soon be uploaded to unstable) owing to a stricter pod2man: pod2text man/xl.pod.1 txt/man/xl.1.txt.tmp man/xl.pod.1 around line 854: Expected text after =item, not a bullet POD document had syntax errors at /usr/bin/pod2text line 84.

...ommon xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64 xen-hypervisor-4.1-i386 xen-system-i386 Architecture: source all amd64 Version: 4.1.4-3+deb7u9 Distribution: wheezy-security Urgency: high Maintainer: Debian Xen Team <pkg-xen-devel at lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil at debian.org> Description: libxen-4.1 - Public libs for Xen libxen-dev - Public headers and libs for Xen libxen-ocaml - OCaml libraries for controlling Xen libxen-ocaml-dev - OCaml libraries for controlling Xen (devel package) libxenstore3.0 - Xenstore communications library fo...

Hi Greg, I'm not the reporter, so would like to confirm him explicitly, but I believe I can give some context: On Sat, Jan 28, 2023 at 06:51:08PM +0100, Greg KH wrote: > On Sat, Jan 28, 2023 at 03:49:59PM +0100, Computer Enthusiastic wrote: > > Hello, > > > > The patch "[Nouveau] [PATCH] nouveau: explicitly wait on the fence in > > nouveau_bo_move_m2mf"