similar to: Processed: closing 784011

Source: xen Version: 4.4.1-9 Severity: normal Tags: security upstream patch fixed-upstream Hi, the following vulnerability was published for xen. CVE-2015-3340[0]: | Xen 4.2.x through 4.5.x does not initialize certain fields, which | allows certain remote service domains to obtain sensitive information | from memory via a (1) XEN_DOMCTL_gettscinfo or (2) | XEN_SYSCTL_getdomaininfolist request.

Mapping oldstable-security to oldstable-proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 12 Jun 2015 13:09:44 +0000 Source: xen Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64 xen-hypervisor-4.1-i386 xen-system-i386

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 12 Jun 2015 13:09:44 +0000 Source: xen Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64 xen-hypervisor-4.1-i386 xen-system-i386 Architecture: source all amd64 Version: 4.1.4-3+deb7u8

On Sat, May 02, 2015 at 07:04:34AM +0200, Salvatore Bonaccorso wrote: > the following vulnerability was published for xen. I consider this issue as unimportant. Not sure how I can mark it this way in the security tracker. Bastian -- Knowledge, sir, should be free to all! -- Harry Mudd, "I, Mudd", stardate 4513.3

Processing commands for control at bugs.debian.org: > close 770230 4.5.1~rc1-1 Bug #770230 [src:xen] xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030 Marked as fixed in versions xen/4.5.1~rc1-1. Bug #770230 [src:xen] xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030 Marked Bug as done > thanks Stopping processing here. Please contact me if

Processing commands for control at bugs.debian.org: > close 776319 4.5.1~rc1-1 Bug #776319 [src:xen] xen: CVE-2015-0361 CVE-2015-1563 Marked as fixed in versions xen/4.5.1~rc1-1. Bug #776319 [src:xen] xen: CVE-2015-0361 CVE-2015-1563 Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 776319:

Mapping stable-security to proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 25 Nov 2015 13:03:13 +0000 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture:

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 25 Nov 2015 13:03:13 +0000 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture: source all amd64 Version: 4.4.1-9+deb8u3

Source: xen Severity: important Tags: security These Xen vulnerabilities are unfixed in unstable: CVE-2015-4164: http://xenbits.xen.org/xsa/advisory-136.html CVE-2015-4163: http://xenbits.xen.org/xsa/advisory-134.html CVE-2015-3340: http://xenbits.xen.org/xsa/advisory-132.html CVE-2015-3259: http://xenbits.xen.org/xsa/advisory-137.html Cheers, Moritz

Processing commands for control at bugs.debian.org: > close 795721 4.6.0-1 Bug #795721 [src:xen] CVE-2015-3259 CVE-2015-3340 CVE-2015-4163 CVE-2015-4164 Marked as fixed in versions xen/4.6.0-1. Bug #795721 [src:xen] CVE-2015-3259 CVE-2015-3340 CVE-2015-4163 CVE-2015-4164 Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 795721:

Processing commands for control at bugs.debian.org: > reassign 780227 src:xen Bug #780227 [xen-hypervisor-4.1-amd64] XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw Bug reassigned from package 'xen-hypervisor-4.1-amd64' to 'src:xen'. No longer marked as found in versions xen/4.1.4-1 and xen/4.1.4-3+deb7u4. No longer marked as fixed in versions

Processing commands for control at bugs.debian.org: > reassign 751894 src:xen Bug #751894 [xen] xen: CVE-2014-4021 / XSA-100 Bug reassigned from package 'xen' to 'src:xen'. No longer marked as found in versions 4.3.0-3. Ignoring request to alter fixed versions of bug #751894 to the same values previously set > merge 757724 751894 Bug #757724 [src:xen] Multiple security

Processing commands for control at bugs.debian.org: > found 780227 4.1.4-1 Bug #780227 [xen-hypervisor-4.1-amd64] XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw Marked as found in versions xen/4.1.4-1. > fixed 780227 4.1.4-3+deb7u5 Bug #780227 [xen-hypervisor-4.1-amd64] XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw Marked as

Folks, I am pleased to announce the release of Xen 4.1.4. This is available immediately from its mercurial repository: http://xenbits.xen.org/xen-4.1-testing.hg (tag RELEASE-4.1.4) This fixes the following critical vulnerabilities: * CVE-2012-3494 / XSA-12: hypercall set_debugreg vulnerability * CVE-2012-3495 / XSA-13: hypercall physdev_get_free_pirq vulnerability * CVE-2012-3496 /

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 05 Oct 2018 19:38:52 +0100 Source: xen Binary: xenstore-utils xen-utils-common xen-hypervisor-common xen-doc xen-utils-4.11 xen-hypervisor-4.11-amd64 xen-system-amd64 xen-hypervisor-4.11-arm64 xen-system-arm64 xen-hypervisor-4.11-armhf xen-system-armhf libxen-dev libxenmisc4.11 libxencall1 libxendevicemodel1

CentOS Errata and Security Advisory 2013:X013 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- f3725f9d29b2fd85d3c9568d979b7ea0f26e1844bb7474b8ef4de2e124bae9ff xen-4.2.3-25.el6.centos.alt.x86_64.rpm

Source: xen Severity: grave Tags: security Multiple vulnerabilities are unfixed in xen: CVE-2015-5307: http://xenbits.xen.org/xsa/advisory-156.html CVE-2016-3960 http://xenbits.xen.org/xsa/advisory-173.html CVE-2016-3159 / CVE-2016-3158 http://xenbits.xen.org/xsa/advisory-172.html CVE-2016-2271 http://xenbits.xen.org/xsa/advisory-170.html CVE-2016-2270

All, I am pleased to announce the release of Xen 4.2.2. This is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.2 (tag RELEASE-4.2.2) or from the XenProject download page http://www.xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-422.html This fixes the following critical vulnerabilities: * CVE-2012-5634 /

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Dear Security Team, I have prepared a new upload addressing a number of open security issues in Xen. Due to the complexity of the patches that address XSA-273 [0] the packages have been built from upstream's staging-4.8 / staging-4.10 branch again as recommended in that advisory. Commits on those branches are restricted to those that address the following XSAs (cf. [1]): - XSA-273