[Pkg-xen-devel] xen_4.20.2+7-g1badcf5035-0+deb13u1_source.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Dec 2 22:17:59 GMT 2025
Thank you for your contribution to Debian.
Mapping stable-security to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 30 Nov 2025 16:57:07 +0100
Source: xen
Architecture: source
Version: 4.20.2+7-g1badcf5035-0+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Debian Xen Team <pkg-xen-devel at lists.alioth.debian.org>
Changed-By: Maximilian Engelhardt <maxi at daemonizer.de>
Closes: 1105193 1120075
Changes:
xen (4.20.2+7-g1badcf5035-0+deb13u1) trixie-security; urgency=medium
.
Significant changes:
* Update to new upstream version 4.20.2+7-g1badcf5035, which also contains
security fixes for the following issues:
(Closes: #1105193) (Closes: #1120075)
- x86: Indirect Target Selection
XSA-469 CVE-2024-28956
- x86: Incorrect stubs exception handling for flags recovery
XSA-470 CVE-2025-27465
- x86: Transitive Scheduler Attacks
XSA-471 CVE-2024-36350 CVE-2024-36357
- Multiple vulnerabilities in the Viridian interface
XSA-472 CVE-2025-27466 CVE-2025-58142 CVE-2025-58143
- Arm issues with page refcounting
XSA-473 CVE-2025-58144 CVE-2025-58145
- x86: Incorrect input sanitisation in Viridian hypercalls
XSA-475 CVE-2025-58147 CVE-2025-58148
- Incorrect removal of permissions on PCI device unplug
XSA-476 CVE-2025-58149
* Note that the following XSA are not listed, because...
- XSA-468 applies to Windows PV drivers
- XSA-474 applies to XAPI which is not included in Debian
.
Packaging minor fixes and improvements:
* debian/salsa-ci.yml: adjust for trixie and new salsa-ci pipeline
Checksums-Sha1:
17554dec0ff099ceac4041ad7e001a29c09f543c 4047 xen_4.20.2+7-g1badcf5035-0+deb13u1.dsc
24bd3f07ebb7c56981501afc2375370c5d571222 4953752 xen_4.20.2+7-g1badcf5035.orig.tar.xz
cfe93818e61d4abb4c3182bc191752437c3514dc 138828 xen_4.20.2+7-g1badcf5035-0+deb13u1.debian.tar.xz
Checksums-Sha256:
09ef5bf1580062cd1062ca29bd552cb0211fd2ef0f43014dac5e08e2bd98fbb6 4047 xen_4.20.2+7-g1badcf5035-0+deb13u1.dsc
8476bb9e37fd8f7d7a0e465d43767697258120b1362575110a9c377aca026483 4953752 xen_4.20.2+7-g1badcf5035.orig.tar.xz
3c5800f5e0a4ff94eb0ced70d82b18cfc7cd3c6eaa2c5a27fc6cdfd1b514e5c5 138828 xen_4.20.2+7-g1badcf5035-0+deb13u1.debian.tar.xz
Files:
49e94e2c83385560291daa245f0af047 4047 admin optional xen_4.20.2+7-g1badcf5035-0+deb13u1.dsc
d6ff179cc60c91c5bd2fbf5f04b0012f 4953752 admin optional xen_4.20.2+7-g1badcf5035.orig.tar.xz
609b59eb39922a2f3a73119d5b0218ea 138828 admin optional xen_4.20.2+7-g1badcf5035-0+deb13u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmku1SIACgkQEMKTtsN8
TjYlCQ/7BGqomQ63yd8vBYyV8wtnYkjint6vMiAAvfLPiPmOmEVYI/Ffi/2nD90v
n8OZ00Ezpd5lj3WfjTryNe1xrsI4prdCw79E9WrEFjJ9nrQ2n8AGtYyHd2dNg9Dh
TdM/u8xqg8gipYbgbvMvnKghyhZaGdFNtu/qyjys9BwpETg2Gl4VI7FilzfC2ASW
2VqmtKfyvTH1BxUtW68CWs8pjso/VwQR3DKopcCp0caDK4J8fGdX45Kpi8hNMSP0
yqM/fbeY+N+rMSSVXFRli4MWvm5DapzOg2GIBenHhfQyjw5Y73DrCpMj3sfvMnBT
BUC8VdlBNCamreOxtWH0n9KIKYU3MLgN8rJ9Pcg9M25ZRgSLXBlU5caCZhd4h8sS
iNeujrtzvu1ZtP7eeK+u0BE7h0Fn/MUxwP6P9h2VsW7lEH+rL3v62xiYCIqWbW6i
jEajrHgIghufppSnLCIf5Lc5O8z/V35tZonEUpSy25nxYOtfiy4h1Oz13R24nPtS
+Xbminl5nbSpIlIBO1KHkzGnUFm+bXivZpnAP2Y0WVnURgAfnNeT7OtZoYMOlWcq
ayyK/CpwGfwF7Y7RbzyrzDYs5aClnazIA5H8meDMo0YpsLLzgu1vZ4PNaikL931L
Fm0w/caz6feF/l6mhwEhlxM1bm6LEFl+2Ur5H4VJ+74b4iUMNlI=
=nChq
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20251202/9cb777b3/attachment.sig>
More information about the Pkg-xen-devel
mailing list