[Pkg-xen-devel] Bug#947944: xen: Several CVEs open for xen (CVE-2018-12207 CVE-2019-11135 CVE-2019-18420 CVE-2019-18421 CVE-2019-18422 CVE-2019-18423 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19582 CVE-2019-19583)

Hans van Kranenburg hans at knorrie.org
Wed Jan 8 12:38:48 GMT 2020


On 1/7/20 11:34 PM, Hans van Kranenburg wrote:
> [...]
> 
> Today I have finally been working on this. The result is that I at least
> have a new (WIP) version for buster. I'm running it on a dom0 right now
> and did smoke testing, live migrate, restarting domUs etc. It just works
> (tm).
> 
> This was the easy part, most of the work was assembling the changelog by
> copy-pasting things. I cross-checked with your list (below), which is
> nice, since we can check that way that the info from different points of
> view is the same (except for one entry it is).
> 
> https://salsa.debian.org/xen-team/debian-xen/commits/knorrie/buster-security
> 
> Now the interesting part begins, which is not so much about the stable
> security update, but more about what to do with unstable. We currently
> still have the same Xen version in unstable and in Buster.
> 
> So, the most logical thing, which I mentioned before would be to have
> 4.11.3+24-g14b62ab3e5-1 in unstable and 4.11.3+24-g14b62ab3e5-1~deb10u1
> in stable.

Ok, this will just be ok, since I was confused about the
python-pyxenstore package, and thought it was a by-product from our
src:xen. This is not the case, it's a separate thing. So, false alarm.

> [...]

That means that the original plan will suffice for now.

The whole python2 situation will be resolved when we prepare Xen 4.13 or
4.14, or whichever one will be the Bullseye one.

The result:

https://salsa.debian.org/xen-team/debian-xen/tree/knorrie/unstable
https://salsa.debian.org/xen-team/debian-xen/tree/knorrie/buster-security

I just built and tested both of the resulting piles of packages, on
buster and on a bullseye dom0. All looks fine, I can live migrate,
restart things etc etc...

So, next step is getting things uploaded to the right place.

Hans


