1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted xen 4.17.5+23-ga4e5191dc0-1+deb12u1 (source) into proposed-upd

    From Debian FTP Masters@21:1/5 to All on Fri Mar 7 20:40:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Wed, 19 Feb 2025 00:00:27 +0100
    Source: xen
    Architecture: source
    Version: 4.17.5+23-ga4e5191dc0-1+deb12u1
    Distribution: bookworm
    Urgency: medium
    Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
    Changed-By: Maximilian Engelhardt <maxi@daemonizer.de>
    Closes: 1092495
    Changes:
    xen (4.17.5+23-ga4e5191dc0-1+deb12u1) bookworm; urgency=medium
    .
    * Ignore lintian error not relevant for bookworm in salsa-ci.
    * Cherry-pick e6472d4668 (tools/xg: increase LZMA_BLOCK_SIZE for
    uncompressing the kernel) to allow direct kernel boot with kernels >=
    6.12 (Closes: #1092495).
    .
    xen (4.17.5+23-ga4e5191dc0-1) bookworm-security; urgency=medium
    .
    * Update to new upstream version 4.17.5+23-ga4e5191dc0, which also contains
    security fixes for the following issues:
    - x86: shadow stack vs exceptions from emulation stubs
    XSA-451 CVE-2023-46841
    - x86: Register File Data Sampling
    XSA-452 CVE-2023-28746
    - GhostRace: Speculative Race Conditions
    XSA-453 CVE-2024-2193
    - x86 HVM hypercalls may trigger Xen bug check
    XSA-454 CVE-2023-46842
    - x86: Incorrect logic for BTC/SRSO mitigations
    XSA-455 CVE-2024-31142
    - x86: Native Branch History Injection
    XSA-456 CVE-2024-2201
    - double unlock in x86 guest IRQ handling
    XSA-458 CVE-2024-31143
    - error handling in x86 IOMMU identity mapping
    XSA-460 CVE-2024-31145
    - PCI device pass-through with shared resources
    XSA-461 CVE-2024-31146
    - x86: Deadlock in vlapic_error()
    XSA-462 CVE-2024-45817
    - Deadlock in x86 HVM standard VGA handling
    XSA-463 CVE-2024-45818
    - libxl leaks data to PVH guests via ACPI tables
    XSA-464 CVE-2024-45819
    * Note that the following XSA are not listed, because...
    - XSA-457 and XSA-465 have patches for the Linux kernel.
    - XSA-459 is within Xapi which is not shipped by this package.
    - XSA-466 contains a documentation update that was only applied to the
    current development version of Xen
    Checksums-Sha1:
    39fe2824bf4a3c854476ab4fbf7c76dae695fe83 4522 xen_4.17.5+23-ga4e5191dc0-1+deb12u1.dsc
    7a8c3d63afea82b677b48a5cab573e471fdaa397 138360 xen_4.17.5+23-ga4e5191dc0-1+deb12u1.debian.tar.xz
    Checksums-Sha256:
    ce58dba9623c85f54fd3d2614819b31b50ffce98d1c8854195aeba42a5740c79 4522 xen_4.17.5+23-ga4e5191dc0-1+deb12u1.dsc
    e779b397afebb8fb9d4d3f42b9531a29ab0444e5dad28a5498de361fdcc41be7 138360 xen_4.17.5+23-ga4e5191dc0-1+deb12u1.debian.tar.xz
    Files:
    b3803e3249ce7d6f8694f4740bbd3fff 4522 admin optional xen_4.17.5+23-ga4e5191dc0-1+deb12u1.dsc
    551c81f43e2e81057e6d743e83f14bab 138360 admin optional xen_4.17.5+23-ga4e5191dc0-1+deb12u1.debian.tar.xz

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEESWyddwNaG9637koYssHfcmNhX2wFAmfKBxEACgkQssHfcmNh X2wmnRAApo4AukWKZPuQR6f0qaXSd98yNHz7/dtOYtn8eJjL88nDTHBqxRQzpf4j cNdHxTJVGhwjzHgBav9fKTSa2pVlXUVdNXCB9VdyOhDqRZDOY8fek6j766spA8cU xVYGsorUF5SAnXePkC1Q+H/BXpa3l2e1TEDM7ZJyipBpmhS+5QANlEL5sEqvRd82 dbUQAkliZiMrRpWeEa7bPe5ZLUSxuLoIps0TUrmvg+ZrkKbTED2TvK5vMxXGoyNv IKGlgwYnUdjiB9XFAIH2WwJ0NwFAMXfYlvezzRPHMwUGGjOweeGH4bOI78Jt2tPO 28ER+A6kXJWIeZBLpavY3Tair+OzL5EtKlre5l+FdKDDKyvYVteSTbEIlRrwi8gz Wo90mvjHmr9OOXnr0+baEMfewjVYkBj9wOko0LYe883hBOOnWMNUrJdJipoJcQ2c EqgdBLmpnxFMkvNO1fDT1/5eQOGzYYZkT8r+jEn2pL4KvIFuhDy6aCVzDX11/fI8 LiRQf6qXph9yX/iEQ3Krd8JoXB1h/VHgGrQZnUOSDRjWWIJvRWx5S0ZujeKWTo2m pSqmrqXoyEY2tfRjY/yyVfXfCrXtcwco9Gy9QwJ/bdlcn4KCefxQOZss0Hqui3mN jx4tzdE+cMi/4TWJ6FqOu0p2EID/LJyU1cULUbzUoUIu0O8FehE=
    =1MS5
    -----END PGP SIGNATURE-----


    --==============@96986103233054272=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZ8tJvgAKCRCb9qggYcy5 IXMLAQDvmtvLue6VxbJCrHluRIdpin7awt9vUBvPSNnHYw11MwD+KvbChF6zjOgQ XAb9MCimjqM+IIJBOfO3pys8hqpPkQE=sBiO
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)