[Pkg-xen-devel] Xen Security Update - XSA-{268,269,272,273}
Wolodja Wentland
debian at babilen5.org
Wed Aug 15 19:23:55 BST 2018
Dear Security Team,
I have prepared a new upload addressing a number of open security
issues in Xen.
Due to the complexity of the patches that address XSA-273 [0] the
packages have been built from upstream's staging-4.8 / staging-4.10
branch again as recommended in that advisory. Commits on those branches
are restricted to those that address the following XSAs (cf. [1]):
- XSA-273 (CVE-2018-3620, CVE-2018-3646)
- XSA-272 (no CVE yet)
- XSA-269 (no CVE yet)
- XSA-268 (no CVE yet)
In addition to the XSAs mentioned above that will be addressed by the
upcoming upload (i.e. 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10)
security updates that address XSA-270 [2] have been released that need
to be included in the kernel packaging. Linux version 4.7 and onwards
are affected by this.
[0] https://xenbits.xen.org/xsa/advisory-273.html
[1] https://xenbits.xen.org/xsa/
[2] https://xenbits.xen.org/xsa/advisory-270.html
--
Wolodja <debian at babilen5.org>
4096R/CAF14EFC
081C B7CD FF04 2BA9 94EA 36B2 8B7F 7D30 CAF1 4EFC
More information about the Pkg-xen-devel
mailing list