similar to: Updated Xen packages for XSA 216..225

Displaying 20 results from an estimated 4000 matches similar to: "Updated Xen packages for XSA 216..225"

2017 Jul 02
2
Updated Xen packages for XSA 216..225
On Tue, Jun 20, 2017 at 02:06:17PM +0100, Ian Jackson wrote: > Ian Jackson writes ("Updated Xen packages for XSA 216..225"): > > FYI I will have an upload ready RSN. Where should I send it ? > > > > Matthew Vernon has offered to test my amd64 binaries. I will test the > > i386 packages myself. > > In fact, I have built and tested amd64 binaries.
2017 Jul 17
2
Updated Xen packages for XSA 216..225
Salvatore Bonaccorso writes ("Re: Updated Xen packages for XSA 216..225"): > On Tue, Jul 11, 2017 at 11:34:38PM +0200, Moritz Muehlenhoff wrote: > > On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote: > > > Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > > > > Sorry for the late reply, was on vacation for a week.
2017 Jul 11
2
Updated Xen packages for XSA 216..225
On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote: > Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > > Sorry for the late reply, was on vacation for a week. What's the status > > of jessie? Most of the XSAs seem to affect oldstable as well. > > Sorry, I forgot about them... > > I will see what I can do. Did you look
2017 May 04
2
Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"): > On Thu, May 04, 2017 at 05:59:18PM +0100, Ian Jackson wrote: > > Should I put jessie-security in the debian/changelog and dgit push it > > (ie, from many people's pov, dput it) ? > > Yes, the distribution line should be jessie-security, but please send > a
2017 May 04
3
Bug#861660: Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"): > On Thu, May 04, 2017 at 05:06:07PM +0100, Ian Jackson wrote: > > I have fixed these in stretch but the jessie package remains unfixed. > > I think I may be able to find some backports somewhere. Would that be > > useful ? Is anyone else working on this ? > >
2017 May 04
4
Xen package security updates for jessie 4.4, XSA-213, XSA-214
Moritz Muehlenhoff writes ("Re: Xen package security updates for jessie 4.4, XSA-213, XSA-214"): > Yes, the distribution line should be jessie-security, but please send > a debdiff to team at security.debian.org for a quick review before > uploading (I have no idea whether dgit supports security-master). Here is the proposed debdiff (actually, a git diff) for xen in jessie. My
2017 May 04
2
Xen package security updates for jessie 4.4, XSA-213, XSA-214
Ian Jackson writes ("64bit PV guest breakout [XSA-213]"): > Source: xen > Version: 4.4.1-9 > Severity: important > Tags: security upstream fixed-upstream > > See > https://xenbits.xen.org/xsa/advisory-213.html Ian Jackson writes ("grant transfer allows PV guest to elevate privileges [XSA-214]"): > Source: xen > Version: 4.4.1-9 > Severity:
2017 Sep 13
2
Updated Xen packages for XSA 216..225
Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > Since the queue was already quite big and this update was ready > I went ahead and released what we had for now. Yes, sorry, I should have been explicit that that's what I expected you to do... Ian.
2017 Sep 12
3
Updated Xen packages for XSA 216..225
Moritz M?hlenhoff writes ("Re: Updated Xen packages for XSA 216..225"): > Sorry for the late reply. The updates look fine and I've written > up an advisory text. > > I don't use Xen myself and don't have a test setup. Have these > been tested on a jessie/stretch system already or shall we pass > these to users who've volunteered for tests in the past?
2017 Sep 04
3
Updated Xen packages for XSA 216..225
On Mon, Aug 07, 2017 at 01:15:56PM +0200, Moritz Muehlenhoff wrote: > On Mon, Jul 17, 2017 at 03:58:20PM +0100, Ian Jackson wrote: > > Salvatore Bonaccorso writes ("Re: Updated Xen packages for XSA 216..225"): > > > On Tue, Jul 11, 2017 at 11:34:38PM +0200, Moritz Muehlenhoff wrote: > > > > On Mon, Jul 03, 2017 at 12:33:54PM +0100, Ian Jackson wrote: >
2017 Sep 07
2
Updated Xen packages for XSA 216..225
(*Really* switching to my personal address not because I'm not doing work for Citrix, but because the corporate email is not working properly. Sigh. Also, email updated a bit.) Ian Jackson writes ("Re: Updated Xen packages for XSA 216..225"): > Ian Jackson writes ("Re: Updated Xen packages for XSA 216..225"): > > Hi. I was away and am now back. There are a lot
2018 Aug 15
6
Xen Security Update - XSA-{268,269,272,273}
Dear Security Team, I have prepared a new upload addressing a number of open security issues in Xen. Due to the complexity of the patches that address XSA-273 [0] the packages have been built from upstream's staging-4.8 / staging-4.10 branch again as recommended in that advisory. Commits on those branches are restricted to those that address the following XSAs (cf. [1]): - XSA-273
2017 Aug 23
2
4.4.4-26 with XSA-226, 227, 230 in centos-virt-testing
Xen 4.4.4 along with kernel 4.9.44 containing patches for XSAs (226 - 230) from August 15th are now available in centos-virt-testing. If possible, please test and provide feedback here so we can move these to release soon. XSA-228 did not affect Xen 4.4 XSA-229 only applies to the kernel XSA-235 disclosed today only affects ARM and isn't going to be added to these packages. Thanks. --
2017 Nov 28
2
4.4.4-26 with XSA-226, 227, 230 in centos-virt-testing
Kevin has been rolling back the security updates to the 4.4 branch. He has been working with some of the other distros (debian for sure, and some others on the xen security list). I think it is his intention to continue this for as long as he is able to. (Kevin, chime in if you have a schedule lifetime or EOL in mind) As long as Kevin (or anyone else) maintains the tree, I am happy to build
2017 Dec 22
3
Xen packaging in Debian
To: Debian xen and kernel team list, Ian Jackson Cc: Stefan Bader, maintainer of xen packages in Ubuntu Hi all, Short version: Hi! I'd like to help with the Xen packaging in Debian. Long version: Q: Who are you? How are you related to Debian an the Xen project? A: Hi, I'm Hans van Kranenburg, nickname Knorrie, I live in the Netherlands. I'm a Debian user since 2002, and have been
2017 Feb 17
2
Xen updates in the Testing Repo for XSA-207 and XSA-208
Given the circumstances, might it make sense to offer formal advisories of some type for these to indicate when the packages going to live are for security or other reasons? On 02/17/2017 09:51 AM, Johnny Hughes wrote: > These updates have now been pushed to mirror.centos.org and you can get > them from the main repos. > > On 02/15/2017 08:27 AM, Johnny Hughes wrote: >> There
2017 Apr 04
4
Bug#859560: xen: CVE-2017-7228: x86: broken check in memory_exchange() permits PV guest breakout (XSA-212)
Source: xen Version: 4.8.1~pre.2017.01.23-1 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for xen. CVE-2017-7228[0]: | An issue (known as XSA-212) was discovered in Xen, with fixes available | for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix | introduced an insufficient check on XENMEM_exchange input,
2015 Mar 10
2
Bug#780227: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
Package: xen-hypervisor-4.1-amd64 Version: 4.1.4-3+deb7u4 Severity: critical Hi, Not sure how come I'm the first one to file this kind of a bug report :) but here goes JFTR... http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance warning was given to several big Xen VM farms, which led to e.g. https://aws.amazon.com/premiumsupport/maintenance-2015-03/
2018 Aug 23
3
git workflow, redux
Summary: I have tried the packaging-only repo and I really don't like it at all. I don't know how anyone copes with this - such hard work! IMO we should switch to git-debrebase. (As an alternative, if you don't trust git-debrebase because it's my own tool, gbp pq would be better, too, even though it's not as good as git-debrebase.) Particularly, now that we have more people
2013 Nov 20
3
Invalid VA => ptr conversion with xc_dom_* API after XSA-55 fox
Hi list, Jeff and FastIce pointed out a regression between Xen 4.1.2 and 4.1.6 when starting NetBSD domU; the kernel syms table gets slightly corrupted [1]. After dwelling into libxc code, FastIce noticed that changing back the return value to "ptr + offset" (instead of just "ptr") for xc_dom_vaddr_to_ptr() makes it work again. According to [2] while fixing XSA-55, Ian