search for: xsa133

...e service domain. qemu-dm stubdomains are only available with the traditional "qemu-xen" version. CREDITS ======= This issue was discovered by Jason Geffner, Senior Security Researcher at CrowdStrike. RESOLUTION ========== Applying the appropriate attached patch resolves this issue. xsa133-qemuu.patch qemu-upstream-unstable, Xen 4.5.x, Xen 4.4.x xsa133-qemuu-4.3-4.2.patch qemu-upstream-unstable, Xen 4.3.x, Xen 4.2.x xsa133-qemut.patch qemu-xen-unstable, Xen 4.5.x, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x $ sha256sum xsa133*.patch e7ca0106a9d4bfe472b3b52bbed8646b47305634...

...ian Changelog [2] 4.4.1-9 appeared in Debian before XSA-133 was published and xen_4.4.1-9.debian.tar.xz [3] does not seem to contain any XSA-133 patch. Could you elaborate why 4.4.1-9 is not affected? * [1] also says that latest 4.1.4-3+deb7u5 of wheezy security is vulnerable. Patch xsa133-qemut.patch (with "t") [4] seems to apply cleanly. Are there plans to roll an update for wheezy security? Best, Sebastian [1] https://security-tracker.debian.org/tracker/CVE-2015-3456 [2] http://metadata.ftp-master.debian.org/changelogs//main/x/xen/xen_4.4.1-9_changelog [3] h...