-xen (4.14.0+88-g1d1d1f5391-1) UNRELEASED; urgency=medium
+xen (4.14.0+88-g1d1d1f5391-1) unstable; urgency=high
* Update to new upstream version 4.14.0+88-g1d1d1f5391, which also contains
security fixes for the following issues:
- stack corruption from XSA-346 change
XSA-355 CVE-2020-29040 (Closes: #976109)
+ * Apply security fixes for the following issues:
+ - oxenstored: permissions not checked on root node
+ XSA-353 CVE-2020-29479
+ - xenstore watch notifications lacking permission checks
+ XSA-115 CVE-2020-29480
+ - Xenstore: new domains inheriting existing node permissions
+ XSA-322 CVE-2020-29481
+ - Xenstore: wrong path length check
+ XSA-323 CVE-2020-29482
+ - Xenstore: guests can crash xenstored via watchs
+ XSA-324 CVE-2020-29484
+ - Xenstore: guests can disturb domain cleanup
+ XSA-325 CVE-2020-29483
+ - oxenstored memory leak in reset_watches
+ XSA-330 CVE-2020-29485
+ - oxenstored: node ownership can be changed by unprivileged clients
+ XSA-352 CVE-2020-29486
+ - undue recursion in x86 HVM context switch code
+ XSA-348 CVE-2020-29566
+ - infinite loop when cleaning up IRQ vectors
+ XSA-356 CVE-2020-29567
+ - FIFO event channels control block related ordering
+ XSA-358 CVE-2020-29570
+ - FIFO event channels control structure ordering
+ XSA-359 CVE-2020-29571
+ * Note that the following XSA are not listed, because...
+ - XSA-349 and XSA-350 have patches for the Linux kernel
+ - XSA-354 has patches for the XAPI toolstack
Packaging bugfixes and improvements:
* d/rules: do not compress /usr/share/doc/xen/html (Closes: #942611)
* Pick upstream commit ba6e78f0db ("fix spelling errors"). Thanks, Diederik.
- -- Hans van Kranenburg <hans@knorrie.org> Tue, 15 Dec 2020 10:15:41 +0100
+ -- Hans van Kranenburg <hans@knorrie.org> Tue, 15 Dec 2020 13:00:00 +0100
xen (4.14.0+80-gd101b417b7-1) unstable; urgency=medium
projects / xen.git / commitdiff