From 2d3d312a369088625f9e0174affcde2144860410 Mon Sep 17 00:00:00 2001
From: Hans van Kranenburg <hans@knorrie.org>
Date: Sun, 11 Jul 2021 15:02:08 +0200
Subject: [PATCH] debian/changelog: finish 4.14.2+25-gb6a8c4f72d-1

---
 debian/changelog | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 99071ddeea..136c1cfdcf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,22 @@
-xen (4.14.2+25-gb6a8c4f72d-1) UNRELEASED; urgency=medium
+xen (4.14.2+25-gb6a8c4f72d-1) unstable; urgency=medium
 
-  * Update to new upstream version 4.14.2+25-gb6a8c4f72d.
+  * Update to new upstream version 4.14.2+25-gb6a8c4f72d, which also contains
+    security fixes for the following issues:
+    - HVM soft-reset crashes toolstack
+      XSA-368 CVE-2021-28687
+    - xen/arm: Boot modules are not scrubbed
+      XSA-372 CVE-2021-28693
+    - inappropriate x86 IOMMU timeout detection / handling
+      XSA-373 CVE-2021-28692
+    - Speculative Code Store Bypass
+      XSA-375 CVE-2021-0089 CVE-2021-26313
+    - x86: TSX Async Abort protections not restored after S3
+      XSA-377 CVE-2021-28690
+  * Note that the following XSA are not listed, because...
+    - XSA-370 does not contain code changes.
+    - XSA-365, XSA-367, XSA-369, XSA-371 and XSA-374 have patches for the
+      Linux kernel.
+    - XSA-366 only applies to Xen 4.11.
 
  -- Hans van Kranenburg <hans@knorrie.org>  Sun, 11 Jul 2021 14:29:13 +0200
 
-- 
2.30.2