[Pkg-xen-devel] Recent Linux kernel CVEs related to Xen (CVE-2021-26930, CVE-2021-26931, CVE-2021-26932)
Hans van Kranenburg
hans at knorrie.org
Sun Mar 7 21:05:06 GMT 2021
On 2/26/21 12:45 AM, Hans van Kranenburg wrote:
> On 2/25/21 11:27 PM, Andy Smith wrote:
>> Hi Debian Xen maintainers,
>>
>> The recent CVEs relating to Xen in the Linux kernel don't seem to
>> have been fixed yet in Debian:
>>
>> https://security-tracker.debian.org/tracker/CVE-2021-26930
>> https://security-tracker.debian.org/tracker/CVE-2021-26931
>> https://security-tracker.debian.org/tracker/CVE-2021-26932
>>
>> Do you know if the kernel maintainers will automatically be picking
>> up fixes for these at some point, or if something needs prodding
>> somewhere in order to get a kernel update in stable?
>
> It's in 4.19.177, it's queued.
I see the kernel team is doing a security update with 4.19.177-1.
I have a TODO item for tomorrow to also prepare a buster-security update
for Xen 4.11, so it can go along.
> https://salsa.debian.org/kernel-team/linux/-/commit/e141a276beb131fbaba3ac894984175f598c8f71
>
> For information about when kernel team decides to do an intermediary
> extra security update before the next point release or not, please ask
> the kernel team.
Hans
More information about the Pkg-xen-devel
mailing list