[Pkg-xen-devel] xen_4.17.5+72-g01140da4e8-1_source.changes ACCEPTED into oldstable-proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Fri Dec 5 16:03:34 GMT 2025 

Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 29 Nov 2025 14:52:25 +0100
Source: xen
Architecture: source
Version: 4.17.5+72-g01140da4e8-1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Xen Team <pkg-xen-devel at lists.alioth.debian.org>
Changed-By: Hans van Kranenburg <hans at knorrie.org>
Closes: 1092495 1105193 1105222 1120075
Changes:
 xen (4.17.5+72-g01140da4e8-1) bookworm-security; urgency=medium
 .
   Significant changes:
   * Update to new upstream version 4.17.5+72-g01140da4e8, which also contains
     security fixes for the following issues:
     (Closes: #1105193) (Closes: #1120075)
     - deadlock potential with VT-d and legacy PCI device pass-through
       XSA-467 CVE-2025-1713
     - x86: Indirect Target Selection
       XSA-469 CVE-2024-28956
     - x86: Incorrect stubs exception handling for flags recovery
       XSA-470 CVE-2025-27465
     - x86: Transitive Scheduler Attacks
       XSA-471 CVE-2024-36350 CVE-2024-36357
     - Multiple vulnerabilities in the Viridian interface
       XSA-472 CVE-2025-27466 CVE-2025-58142 CVE-2025-58143
     - Arm issues with page refcounting
       XSA-473 CVE-2025-58144 CVE-2025-58145
     - x86: Incorrect input sanitisation in Viridian hypercalls
       XSA-475 CVE-2025-58147 CVE-2025-58148
     - Incorrect removal of permissions on PCI device unplug
       XSA-476 CVE-2025-58149
   * Note that the following XSA are not listed, because...
      - XSA-468 applies to Windows PV drivers
      - XSA-474 applies to XAPI which is not included in Debian
 .
   Packaging minor fixes and improvements:
   * debian/salsa-ci.yml: adjust for new salsa-ci pipeline
 .
   Additional changes for 4.17 that were not backported upstream:
   * Cherry-pick dd05d265b8 ("x86/intel: Fix PERF_GLOBAL fixup when
     virtualised") to fix a boot loop when using Xen under nested
     virtualization (Closes: #1105222)
 .
 xen (4.17.5+23-ga4e5191dc0-1+deb12u1) bookworm; urgency=medium
 .
   * Ignore lintian error not relevant for bookworm in salsa-ci.
   * Cherry-pick e6472d4668 (tools/xg: increase LZMA_BLOCK_SIZE for
     uncompressing the kernel) to allow direct kernel boot with kernels >=
     6.12 (Closes: #1092495).
Checksums-Sha1:
 d03ef7857b919f4bedeccc2cad4e8653edc2e54a 4357 xen_4.17.5+72-g01140da4e8-1.dsc
 484aee73ee641a79784ccca082d88548f1979258 4735560 xen_4.17.5+72-g01140da4e8.orig.tar.xz
 d4cd8a6ea02d46f176911e307579dc706445215b 139916 xen_4.17.5+72-g01140da4e8-1.debian.tar.xz
Checksums-Sha256:
 f13956b67fb7a65707c2b0620d89b41ee5d203434dd7bb913017356791ee66c1 4357 xen_4.17.5+72-g01140da4e8-1.dsc
 53922f4d0a02c577f2ea9d63f65989cd88715779eebeed879ca1d314103ee06e 4735560 xen_4.17.5+72-g01140da4e8.orig.tar.xz
 5bcf3812c64585e270e0b3fa6ee8fd16dff7b9bc0f61375d648c64672484c4d9 139916 xen_4.17.5+72-g01140da4e8-1.debian.tar.xz
Files:
 cc505f0bae1df37fc71190cece7ef8c6 4357 admin optional xen_4.17.5+72-g01140da4e8-1.dsc
 a06455fe8e2cb343077c1160dcbb542d 4735560 admin optional xen_4.17.5+72-g01140da4e8.orig.tar.xz
 0cc6fc105905d9e93bd1a9bc6ebac890 139916 admin optional xen_4.17.5+72-g01140da4e8-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmku1R8ACgkQEMKTtsN8
Tja3WhAAmClBrRJmNE9WkWcdjxCTkOt4keVmN1KCwF5AWgV6f6xzT5HXD1JuG9jY
lNTuaXOcUsAaOn8aLiCWl0+42U0bQMWWYIPP/4V5yBVod1WMl4muGl+nSr/y0+xs
87TGQ97bEgyvhKGVoYeTG9ypXwB/5nACpVkSi4SZs5c2ZNMCSB2SrDSv2CCexmFW
0ZGOGgeAXDYT/2/1OEbJ48ksvnAue2uaZx3HiD3wx1w8vczHKYWABDOMXNrOUR8/
V3pYw3IpdrM8EoUnfW8QXblTDuzIqHZthVyn3dDfO/KV25/DMl+g+oqL3CXlS6/K
WblGxF3o/sy3KWB6yFDaPQ9H5X4TktreM+DJFAETYmHtZavD4MC7vyKqBxreoF6A
8Y6jtqa0+bgRd5xm4OSrKHhNQXzUE/5HZK+TQiznvc4wIAzzNY7JUuctGHji6Ugk
Uh+J3K1tK8TwiDNiB5Qcwh+reAm68o5aIO8zgvvUDYodyo0hitVpo2V4Pj62JGKL
UpwPGZNu7zfgEaXi8ZOkOnX+v35fBItI9cPe7Yd9zi8RSVqI03k83Jv5+Lq/0R0h
/HmeYAMuJo5BI5islx540orIm9UvzxwqxdoVmF0GUo7uIK2X0PxpvPQiFKfJsPDq
lvJotSsLT1TZpYsOSa6JJWVOnyMeQkjrjIqEk8DaKwK7SBV06yY=
=CISm
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-xen-devel/attachments/20251205/866e4edd/attachment.sig>

More information about the Pkg-xen-devel mailing list