[Pkg-xen-devel] Xen Security Update - XSA-{268,269,272,273}
Wolodja Wentland
debian at babilen5.org
Wed Aug 15 19:53:11 BST 2018
Dear Ben,
Wolodja Wentland <debian at babilen5.org> writes:
Unfortunately the mail below was sent to an incorrect address and would
not have reached you.
> I have prepared a new upload addressing a number of open security
> issues in Xen.
>
> Due to the complexity of the patches that address XSA-273 [0] the
> packages have been built from upstream's staging-4.8 / staging-4.10
> branch again as recommended in that advisory. Commits on those branches
> are restricted to those that address the following XSAs (cf. [1]):
>
> - XSA-273 (CVE-2018-3620, CVE-2018-3646)
> - XSA-272 (no CVE yet)
> - XSA-269 (no CVE yet)
> - XSA-268 (no CVE yet)
>
> In addition to the XSAs mentioned above that will be addressed by the
> upcoming upload (i.e. 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10)
> security updates that address XSA-270 [2] have been released that need
> to be included in the kernel packaging. Linux version 4.7 and onwards
> are affected by this.
>
> [0] https://xenbits.xen.org/xsa/advisory-273.html
> [1] https://xenbits.xen.org/xsa/
> [2] https://xenbits.xen.org/xsa/advisory-270.html
> --
> Wolodja <debian at babilen5.org>
>
> 4096R/CAF14EFC
> 081C B7CD FF04 2BA9 94EA 36B2 8B7F 7D30 CAF1 4EFC
--
Wolodja <debian at babilen5.org>
4096R/CAF14EFC
081C B7CD FF04 2BA9 94EA 36B2 8B7F 7D30 CAF1 4EFC
More information about the Pkg-xen-devel
mailing list