From: Hans van Kranenburg <hans@knorrie.org>
Date: Tue, 7 Jul 2020 14:36:30 +0000 (+0200)
Subject: debian/changelog: finish 4.11.4+24-gddaaccbbab-1
X-Git-Tag: archive/raspbian/4.11.4+24-gddaaccbbab-1_deb10u1+rpi1^2^2~51
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ea0ecf3ea4677f11912073ad54f974ab3a4dbe98;p=xen.git

debian/changelog: finish 4.11.4+24-gddaaccbbab-1
---

diff --git a/debian/changelog b/debian/changelog
index 56cab33afb..efb0441196 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,21 @@
-xen (4.11.4+24-gddaaccbbab-1) UNRELEASED; urgency=medium
-
-  * Update to new upstream version 4.11.4+24-gddaaccbbab.
+xen (4.11.4+24-gddaaccbbab-1) unstable; urgency=medium
+
+  * Update to new upstream version 4.11.4+24-gddaaccbbab, which also contains
+    security fixes for the following issues:
+    - inverted code paths in x86 dirty VRAM tracking
+      XSA-319 CVE-2020-15563
+    - Special Register Buffer speculative side channel
+      XSA-320 CVE-2020-0543
+      N.B: To mitigate this issue, new cpu microcode is required. The changes
+      in Xen provide a workaround for affected hardware that is not receiving
+      a vendor microcode update. Please refer to the upstream XSA-320 Advisory
+      text for more details.
+    - insufficient cache write-back under VT-d
+      XSA-321 CVE-2020-15565
+    - Missing alignment check in VCPUOP_register_vcpu_info
+      XSA-327 CVE-2020-15564
+    - non-atomic modification of live EPT PTE
+      XSA-328 CVE-2020-15567
 
  -- Hans van Kranenburg <hans@knorrie.org>  Tue, 07 Jul 2020 16:07:39 +0200