similar to: Processed: tagging 780227

Processing commands for control at bugs.debian.org: > reassign 780227 src:xen Bug #780227 [xen-hypervisor-4.1-amd64] XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw Bug reassigned from package 'xen-hypervisor-4.1-amd64' to 'src:xen'. No longer marked as found in versions xen/4.1.4-1 and xen/4.1.4-3+deb7u4. No longer marked as fixed in versions

Processing commands for control at bugs.debian.org: > found 780227 4.1.4-1 Bug #780227 [xen-hypervisor-4.1-amd64] XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw Marked as found in versions xen/4.1.4-1. > fixed 780227 4.1.4-3+deb7u5 Bug #780227 [xen-hypervisor-4.1-amd64] XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw Marked as

Package: xen-hypervisor-4.1-amd64 Version: 4.1.4-3+deb7u4 Severity: critical Hi, Not sure how come I'm the first one to file this kind of a bug report :) but here goes JFTR... http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance warning was given to several big Xen VM farms, which led to e.g. https://aws.amazon.com/premiumsupport/maintenance-2015-03/

All, I am pleased to announce the release of Xen 4.2.2. This is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.2 (tag RELEASE-4.2.2) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-422.html This fixes the following critical vulnerabilities: * CVE-2012-5634 /

Processing commands for control at bugs.debian.org: > reassign 751894 src:xen Bug #751894 [xen] xen: CVE-2014-4021 / XSA-100 Bug reassigned from package 'xen' to 'src:xen'. No longer marked as found in versions 4.3.0-3. Ignoring request to alter fixed versions of bug #751894 to the same values previously set > merge 757724 751894 Bug #757724 [src:xen] Multiple security

Processing commands for control at bugs.debian.org: > close 784011 4.5.1~rc1-1 Bug #784011 [src:xen] xen: CVE-2015-3340: Information leak through XEN_DOMCTL_gettscinfo (XSA-132) Marked as fixed in versions xen/4.5.1~rc1-1. Bug #784011 [src:xen] xen: CVE-2015-3340: Information leak through XEN_DOMCTL_gettscinfo (XSA-132) Marked Bug as done > thanks Stopping processing here. Please contact

Processing commands for control at bugs.debian.org: > tags 781620 + upstream fixed-upstream Bug #781620 [src:xen] CVE-2015-2751 CVE-2015-2752 CVE-2015-2756 Added tag(s) upstream and fixed-upstream. > found 781620 4.4.1-8 Bug #781620 [src:xen] CVE-2015-2751 CVE-2015-2752 CVE-2015-2756 Marked as found in versions xen/4.4.1-8. > thanks Stopping processing here. Please contact me if you

Processing commands for control at bugs.debian.org: > user debian-security at lists.debian.org Setting user to debian-security at lists.debian.org (was carnil at debian.org). > usertags 776319 + tracked There were no usertags set. Usertags are now: tracked. > tags 776319 + upstream fixed-upstream Bug #776319 [src:xen] CVE-2015-0361 Added tag(s) upstream and fixed-upstream. > retitle

Looks like this never got a response from anyone. On 6/25/19 10:15 AM, Yuriy Kohut wrote: > Hello, > > Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages ? XSA-289 is a tricky subject. In the end, it was effectively decided that these patches were not recommended until they were reviewed again and XSA-289 has no official list of flaws

Folks, I am pleased to announce the release of Xen 4.1.4. This is available immediately from its mercurial repository: http://xenbits.xen.org/xen-4.1-testing.hg (tag RELEASE-4.1.4) This fixes the following critical vulnerabilities: * CVE-2012-3494 / XSA-12: hypercall set_debugreg vulnerability * CVE-2012-3495 / XSA-13: hypercall physdev_get_free_pirq vulnerability * CVE-2012-3496 /

CentOS Errata and Security Advisory 2013:X013 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- f3725f9d29b2fd85d3c9568d979b7ea0f26e1844bb7474b8ef4de2e124bae9ff xen-4.2.3-25.el6.centos.alt.x86_64.rpm

Source: xen Severity: grave Tags: security Multiple vulnerabilities are unfixed in xen: CVE-2015-5307: http://xenbits.xen.org/xsa/advisory-156.html CVE-2016-3960 http://xenbits.xen.org/xsa/advisory-173.html CVE-2016-3159 / CVE-2016-3158 http://xenbits.xen.org/xsa/advisory-172.html CVE-2016-2271 http://xenbits.xen.org/xsa/advisory-170.html CVE-2016-2270

Mapping stable-security to proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 25 Nov 2015 13:03:13 +0000 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture:

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 25 Nov 2015 13:03:13 +0000 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture: source all amd64 Version: 4.4.1-9+deb8u3

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 05 Oct 2018 19:38:52 +0100 Source: xen Binary: xenstore-utils xen-utils-common xen-hypervisor-common xen-doc xen-utils-4.11 xen-hypervisor-4.11-amd64 xen-system-amd64 xen-hypervisor-4.11-arm64 xen-system-arm64 xen-hypervisor-4.11-armhf xen-system-armhf libxen-dev libxenmisc4.11 libxencall1 libxendevicemodel1

Dear Security Team, I have prepared a new upload addressing a number of open security issues in Xen. Due to the complexity of the patches that address XSA-273 [0] the packages have been built from upstream's staging-4.8 / staging-4.10 branch again as recommended in that advisory. Commits on those branches are restricted to those that address the following XSAs (cf. [1]): - XSA-273

The following packages are updated for Xen4CentOS for CentOS 6: Source: 942bc436e401c798991ae4ca956082c12a5a3b65ec53cd7ec9901dda7704f9b7 e1000e-2.5.4-3.10.63.2.el6.centos.alt.src.rpm aa46f97636568c46295d2d99f1e33b5fda50df707a2a8321a516200b8b4e95a6 kernel-3.10.63-11.el6.centos.alt.src.rpm ea44d2658e096ef6f00f7dfd4fecc6bff977d959563e4929539d23643b134c3a libvirt-0.10.2.8-9.el6.centos.alt.src.rpm

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-2072 / XSA-56 version 2 Buffer overflow in xencontrol Python bindings affecting xend UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The Python bindings for the xc_vcpu_setaffinity call do not properly check their inputs. Systems

Processing commands for control at bugs.debian.org: > found 751894 4.3.0-3 Bug #751894 [xen] xen: CVE-2014-4021 / XSA-100 There is no source info for the package 'xen' at version '4.3.0-3' with architecture '' Unable to make a source version for version '4.3.0-3' Marked as found in versions 4.3.0-3. > thanks Stopping processing here. Please contact me if you