similar to: Bug#780975: CVE-2015-2152

Source: xen Severity: important Tags: security Please see http://xenbits.xen.org/xsa/advisory-125.html http://xenbits.xen.org/xsa/advisory-126.html http://xenbits.xen.org/xsa/advisory-127.html Cheers, Moritz

Package: xen Severity: important Tags: security Justification: user security hole Hi, This issue is still unfixed in Wheezy: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625 Patch: http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe Cheers, Moritz

Source: xen Severity: grave Tags: security The following security issues are still open in 4.4.0-1: Xen Security Advisory CVE-2014-2599 / XSA-89 https://marc.info/?l=oss-security&m=139643934717922&w=2 Xen Security Advisory CVE-2014-3124 / XSA-92 https://marc.info/?l=oss-security&m=139894169729664&w=2 Xen Security Advisory CVE-2014-3967,CVE-2014-3968 / XSA-96

Package: xen Severity: grave Tags: security Please see http://www.openwall.com/lists/oss-security/2012/07/26/4 Cheers, Moritz

Package: xen Severity: grave Tags: security Justification: user security hole Please see the following links: http://www.openwall.com/lists/oss-security/2012/09/05/11 http://www.openwall.com/lists/oss-security/2012/09/05/10 http://www.openwall.com/lists/oss-security/2012/09/05/9 http://www.openwall.com/lists/oss-security/2012/09/05/8 http://www.openwall.com/lists/oss-security/2012/09/05/7

Source: xen Severity: grave Tags: security Multiple vulnerabilities are unfixed in xen: CVE-2015-5307: http://xenbits.xen.org/xsa/advisory-156.html CVE-2016-3960 http://xenbits.xen.org/xsa/advisory-173.html CVE-2016-3159 / CVE-2016-3158 http://xenbits.xen.org/xsa/advisory-172.html CVE-2016-2271 http://xenbits.xen.org/xsa/advisory-170.html CVE-2016-2270

Package: xen-hypervisor-4.1-amd64 Version: 4.1.4-3+deb7u4 Severity: critical Hi, Not sure how come I'm the first one to file this kind of a bug report :) but here goes JFTR... http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance warning was given to several big Xen VM farms, which led to e.g. https://aws.amazon.com/premiumsupport/maintenance-2015-03/

Windows does have a utility that sums up all installed applications und allows to remove selected ones. Is a mechanism like that available for wine too?

Package: xen Severity: grave Tags: security Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4255 for a description and a link to the upstream report/patch. Cheers, Moritz

Source: xen Severity: grave Tags: security Hi, the following security issues apply to Xen in jessie: CVE-2014-5146,CVE-2014-5149: https://marc.info/?l=oss-security&m=140784877111813&w=2 CVE-2014-8594: https://marc.info/?l=oss-security&m=141631359901060&w=2 CVE-2014-8595: https://marc.info/?l=oss-security&m=141631352601020&w=2 Cheers, Moritz

Source: xen Severity: important Tags: security Hi, please see http://xenbits.xen.org/xsa/advisory-116.html for details and a patch. Cheers, Moritz

best described here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=64689 Confirmed also present with the rpm build at http://rsync.samba.org/ftp/rsync/binaries/redhat/rsync-2.4.6-1.i386.rpm Please cc: me on replies (I'm not on the list, yet - my procmailrc's in a major state of flux as I'm switching machines) and/or add comments to the above bugzilla entry James -- James

Salvatore Bonaccorso writes ("Re: Updated Xen packages for XSA 216..225"): > On Tue, Jul 11, 2017 at 11:34:38PM +0200, Moritz Muehlenhoff wrote: > > On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote: > > > Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > > > > Sorry for the late reply, was on vacation for a week.

Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"): > On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson wrote: > > I have fixed these in stretch but the jessie package remains unfixed. > > I think I may be able to find some backports somewhere. Would that be > > useful ? Is anyone else working on this ? > >

Hi all, I tried to modify Kaleidoscope Tutorial (toy.cpp from llvm/examples/Kaleidoscope/Chapter7, LLVM 3.3 release branch) in order to use MCJIT instead of JIT. I get segmentation fault when running toy.cpp with fibonacci example from the tutorial. My modified toy.cpp is in attachment and still works with JIT (when #define USE_MCJIT line is commented out). I read discussions regarding

I found the following problem when I try to debug "target does not support mc emission" in linux (the same code executes OK in windows): Below is a snippet extracted from this method, if (UseMCJIT && ExecutionEngine::MCJITCtor) { ExecutionEngine *EE = ExecutionEngine::MCJITCtor(M, ErrorStr, JMM, OptLevel,

Am 04.06.2013 16:05, schrieb David Tweed: > | I am curious about JMM->invalidInstructionCache(), which I found in > | lli.cpp implementation. lli.cpp contains also call finalizeObject(), I > | just overlooked it. lli.cpp calls finalizeObject(), which calls > | applyPermissions, which in turn calls invalidateInstructionCache. So why > | lli.cpp does call

You should look at http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/ExecutionEngine/JITMemoryManager.h?view=markup and see if inheriting from that and overriding allocateGlobal() will do what you want. I'm a little surprised the boehm gc doesn't already see the globals, since there's a reference to their memory from the JMM, but maybe it doesn't scan mmap regions by

Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"): > On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote: > > Should I put jessie-security in the debian/changelog and dgit push it > > (ie, from many people's pov, dput it) ? > > Yes, the distribution line should be jessie-security, but please send > a

On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote: > Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > > Sorry for the late reply, was on vacation for a week. What's the status > > of jessie? Most of the XSAs seem to affect oldstable as well. > > Sorry, I forgot about them... > > I will see what I can do. Did you look