From: Hans van Kranenburg Date: Wed, 16 Nov 2022 12:15:07 +0000 (+0100) Subject: debian/changelog: finish 4.16.2+90-g0d39a6d1ae-1 X-Git-Tag: archive/raspbian/4.16.2+90-g0d39a6d1ae-1+rpi1^2~2 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3759ecde299f362ea354ede2022d5b6bbe3a6e64;p=xen.git debian/changelog: finish 4.16.2+90-g0d39a6d1ae-1 --- diff --git a/debian/changelog b/debian/changelog index d7c9fa895f..2eb38e9f81 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,6 +1,40 @@ -xen (4.16.2+90-g0d39a6d1ae-1) UNRELEASED; urgency=medium +xen (4.16.2+90-g0d39a6d1ae-1) unstable; urgency=medium - * Update to new upstream version 4.16.2+90-g0d39a6d1ae. + * Update to new upstream version 4.16.2+90-g0d39a6d1ae, which also contains + security fixes for the following issues: + - Xenstore: guests can let run xenstored out of memory + XSA-326 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 + CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 + - Arm: unbounded memory consumption for 2nd-level page tables + XSA-409 CVE-2022-33747 + - P2M pool freeing may take excessively long + XSA-410 CVE-2022-33746 + - lock order inversion in transitive grant copy handling + XSA-411 CVE-2022-33748 + - x86: unintended memory sharing between guests + XSA-412 CVE-2022-42327 + - Xenstore: Guests can crash xenstored + XSA-414 CVE-2022-42309 + - Xenstore: Guests can create orphaned Xenstore nodes + XSA-415 CVE-2022-42310 + - Xenstore: Guests can cause Xenstore to not free temporary memory + XSA-416 CVE-2022-42319 + - Xenstore: Guests can get access to Xenstore nodes of deleted domains + XSA-417 CVE-2022-42320 + - Xenstore: Guests can crash xenstored via exhausting the stack + XSA-418 CVE-2022-42321 + - Xenstore: Cooperating guests can create arbitrary numbers of nodes + XSA-419 CVE-2022-42322 CVE-2022-42323 + - Oxenstored 32->31 bit integer truncation issues + XSA-420 CVE-2022-42324 + - Xenstore: Guests can create arbitrary number of nodes via transactions + XSA-421 CVE-2022-42325 CVE-2022-42326 + - x86: Multiple speculative security issues + XSA-422 CVE-2022-23824 + * Note that the following XSA are not listed, because... + - XSA-413 applies to XAPI which is not included in Debian + * Drop the "x86/CPUID: surface suitable value in EBX of XSTATE subleaf 1" + patch again because it's included in upstream changes now. -- Hans van Kranenburg Wed, 16 Nov 2022 12:50:33 +0100
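Review bot: The last bullet of the new entry (Drop the "x86/CPUID: surface suitable value in EBX of XSTATE subleaf 1" patch again) records a packaging change, but this diff touches only debian/changelog. Please confirm that the patch removal itself landed in an earlier commit of this upload, so that the changelog and the tree agree when the release is tagged. A smaller wording point near the end of the list: "the following XSA are not listed, because..." trails off and is followed by a single item, so one plain sentence would read better for anyone auditing coverage, for example "XSA-413 is not listed because it applies to XAPI, which is not included in Debian".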