projects / xen.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bcca573)
debian/changelog: finish 4.11.4+24-gddaaccbbab-1
authorHans van Kranenburg <hans@knorrie.org>
Tue, 7 Jul 2020 14:36:30 +0000 (16:36 +0200)
committerHans van Kranenburg <hans@knorrie.org>
Tue, 7 Jul 2020 14:38:19 +0000 (16:38 +0200)
debian/changelog patch | blob | history

diff --git a/debian/changelog b/debian/changelog
index 56cab33afb82edeee738024ea3b3a156b9e70a6c..efb04411969b7d5604f554a1f1e9bbfd64193306 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,21 @@
-xen (4.11.4+24-gddaaccbbab-1) UNRELEASED; urgency=medium
-
-  * Update to new upstream version 4.11.4+24-gddaaccbbab.
+xen (4.11.4+24-gddaaccbbab-1) unstable; urgency=medium
+
+  * Update to new upstream version 4.11.4+24-gddaaccbbab, which also contains
+    security fixes for the following issues:
+    - inverted code paths in x86 dirty VRAM tracking
+      XSA-319 CVE-2020-15563
+    - Special Register Buffer speculative side channel
+      XSA-320 CVE-2020-0543
+      N.B: To mitigate this issue, new cpu microcode is required. The changes
+      in Xen provide a workaround for affected hardware that is not receiving
+      a vendor microcode update. Please refer to the upstream XSA-320 Advisory
+      text for more details.
+    - insufficient cache write-back under VT-d
+      XSA-321 CVE-2020-15565
+    - Missing alignment check in VCPUOP_register_vcpu_info
+      XSA-327 CVE-2020-15564
+    - non-atomic modification of live EPT PTE
+      XSA-328 CVE-2020-15567
 
  -- Hans van Kranenburg <hans@knorrie.org>  Tue, 07 Jul 2020 16:07:39 +0200
 
Unnamed repository; edit this file 'description' to name the repository.