- xen (4.14.5+24-g87d90d511c-1+rpi1) bullseye-staging; urgency=medium
++xen (4.14.5+86-g1c354767d5-1+rpi1) bullseye-staging; urgency=medium
+
+ [changes brought forward from 4.4.1-9+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 30 Aug 2015 15:43:16 +0000]
+ * replace "dmb" with "mcr p15, #0, r0, c7, c10, #5" for armv6
+
+ [changes introduced in 4.6.0-1+rpi1 by Peter Michael Green]
+ * Use kernel 3.18 for now as I haven't dealt with 4.x yet.
+
+ [changes introduced in 4.11.1+26-g87f51bf366-3+rpi1 by Peter Michael Green]
+ * Do not fail on files that are not installed.
+
- -- Raspbian forward porter <root@raspbian.org> Tue, 19 Jul 2022 10:00:46 +0000
++ -- Raspbian forward porter <root@raspbian.org> Wed, 09 Nov 2022 05:48:53 +0000
++
+ xen (4.14.5+86-g1c354767d5-1) bullseye-security; urgency=medium
+
+ * Update to new upstream version 4.14.5+86-g1c354767d5, which also contains
+ security fixes for the following issues: (Closes: #1021668)
+ - Xenstore: guests can let run xenstored out of memory
+ XSA-326 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314
+ CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318
+ - insufficient TLB flush for x86 PV guests in shadow mode
+ XSA-408 CVE-2022-33745
+ - Arm: unbounded memory consumption for 2nd-level page tables
+ XSA-409 CVE-2022-33747
+ - P2M pool freeing may take excessively long
+ XSA-410 CVE-2022-33746
+ - lock order inversion in transitive grant copy handling
+ XSA-411 CVE-2022-33748
+ - Xenstore: Guests can crash xenstored
+ XSA-414 CVE-2022-42309
+ - Xenstore: Guests can create orphaned Xenstore nodes
+ XSA-415 CVE-2022-42310
+ - Xenstore: Guests can cause Xenstore to not free temporary memory
+ XSA-416 CVE-2022-42319
+ - Xenstore: Guests can get access to Xenstore nodes of deleted domains
+ XSA-417 CVE-2022-42320
+ - Xenstore: Guests can crash xenstored via exhausting the stack
+ XSA-418 CVE-2022-42321
+ - Xenstore: Cooperating guests can create arbitrary numbers of nodes
+ XSA-419 CVE-2022-42322 CVE-2022-42323
+ - Oxenstored 32->31 bit integer truncation issues
+ XSA-420 CVE-2022-42324
+ - Xenstore: Guests can create arbitrary number of nodes via transactions
+ XSA-421 CVE-2022-42325 CVE-2022-42326
+ * The upstream Xen changes now also contain the first mentioned patch of
+ XSA-403 ("Linux disk/nic frontends data leaks") for stable branch lines.
+ For more information, please refer to the XSA-403 advisory text.
+ * Note that the following XSA are not listed, because...
+ - XSA-412 only applies to Xen 4.16 and newer
+ - XSA-413 applies to XAPI which is not included in Debian
+ * Correct a typo in the previous changelog entry.
+
+ -- Hans van Kranenburg <hans@knorrie.org> Fri, 04 Nov 2022 20:25:46 +0100
xen (4.14.5+24-g87d90d511c-1) bullseye-security; urgency=medium
projects / xen.git / commitdiff