Back to xen PTS page

Accepted xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7 (all amd64 source) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7 (all amd64 source) into proposed-updates->stable-new, proposed-updates
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Mon, 28 May 2018 19:48:14 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1fNO7q-000Ew2-D9@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 22 May 2018 18:41:33 +0100
Source: xen
Binary: libxen-4.8 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.8 xen-hypervisor-4.8-amd64 xen-system-amd64 xen-hypervisor-4.8-arm64 xen-system-arm64 xen-hypervisor-4.8-armhf xen-system-armhf
Architecture: all amd64 source
Version: 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
Distribution: stretch-security
Urgency: high
Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
Changed-By: Ian Jackson <ijackson@chiark.greenend.org.uk>
Closes: 898898
Description: 
 libxen-4.8 - Public libs for Xen
 libxen-dev - Public headers and libs for Xen
 libxenstore3.0 - Xenstore communications library for Xen
 xen-hypervisor-4.8-amd64 - Xen Hypervisor on AMD64
 xen-hypervisor-4.8-arm64 - Xen Hypervisor on ARM64
 xen-hypervisor-4.8-armhf - Xen Hypervisor on ARMHF
 xen-system-amd64 - Xen System on AMD64 (meta-package)
 xen-system-arm64 - Xen System on ARM64 (meta-package)
 xen-system-armhf - Xen System on ARMHF (meta-package)
 xen-utils-4.8 - XEN administrative tools
 xen-utils-common - Xen administrative tools - common files
 xenstore-utils - Xenstore command line utilities for Xen
Changes:
 xen (4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7) stretch-security; urgency=high
 .
   * Include upstream XSA-263 (speculative store bypass) fixes for x86.
     I hear that ARM fixes will be forthcoming RSN.  Ie,
        XSA-263 CVE-2018-3639 (amd64/i386; armhf/arm64 still vuln.)
 .
   * Include a number of upstream bugfixes, including fixes to previous
     security fixes, some of which are security-relevant:
       x86: correct ordering of operations during S3 resume
       x86: suppress BTI mitigations around S3 suspend/resume
       x86/spec_ctrl: Updates to retpoline-safety decision making
       x86/HPET: fix race triggering ASSERT(cpu < nr_cpu_ids)
       x86/HVM: never retain emulated insn cache when exiting back to guest
       xpti: fix bug in double fault handling
       x86/cpuidle: don't init stats lock more than once
       xen: Introduce vcpu_sleep_nosync_locked()
       xen/schedule: Fix races in vcpu migration
       x86: Fix "x86: further CPUID handling adjustments"
 .
     The result is very similar to upstream staging-4.8.  However, as
     upstream staging-4.8 has not yet passed upstream CI, I have chosen to
     cherry pick fixes so that I can drop a couple that don't look
     immediately important.  We will expect to resynchronise with
     upstream's 4.8 stable branch soon.
 .
   * Drop our patch `tools: fix arm build after bdf693ee61b48' (which was
     needed to build the upstream 4.8 comet branch on ARM but is not needed
     for the the upstream staging/stable branch).  Closes:#898898.
 .
   * Update changelog for 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 to
     mention branch switch from upstream 4.8 comet to upstream main 4.8,
     and add some missing CVEs.
Checksums-Sha1: 
 cd86ad274b6916be0fdbf22e6ca68ee89c55c47c 3173 xen_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7.dsc
 0e5608e91ba97687e01816373fbcb49c646f19f9 81288 xen_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7.debian.tar.xz
 d17ec5671772c59d5fe0ba0014c864fbea99c86b 1608798 libxen-4.8-dbgsym_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 9ba4eee12fb78c8fb5c91761f13fd4b2453d25f6 411816 libxen-4.8_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 455b4ecdde296fefc06895d7396fc5b83bd947e8 651850 libxen-dev_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 99a03c839f6684591193f1d249a0b11b61d73480 25254 libxenstore3.0-dbgsym_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 ec229c0ea1be7abb82c49aaa36fc47b552c3ed1a 34462 libxenstore3.0_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 45831804eeb8000ac00eb3a4958a94573d138a3e 2309688 xen-hypervisor-4.8-amd64_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 ca3e1c484cfc195b9d36d53056b02e4a143afbe3 23442 xen-system-amd64_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 3911745dd4c6e29e86df8e8900a0fb545126e4fe 852406 xen-utils-4.8-dbgsym_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 ad2bcd1d2c5362f0a130547608778f4334e3433d 422858 xen-utils-4.8_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 eb90bd55c8c7950dd9ef5f159673b94700b7540b 284940 xen-utils-common_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_all.deb
 4c4501f5c53fd2c336a71e57a9aef8d476829224 12290 xen_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.buildinfo
 f4de9bbad0ad840889996bdc81d5ce9fe4e7635e 13376 xenstore-utils-dbgsym_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 58655669b60ae47cb32df832742fb8ec23fd8018 30184 xenstore-utils_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
Checksums-Sha256: 
 5172cba84cdaf29aba3dee15c2db2557b06da96f5fe5c4325fb3f0c1515a901b 3173 xen_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7.dsc
 f856f9ca2ce1c146d283113d0922c649e6b9c8abbe97b2fc788829ca5674023c 81288 xen_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7.debian.tar.xz
 0eb8f2fd2c94d0f4a6a83e7d318999d0648f9caa5e059c7b545d57c04dd83f75 1608798 libxen-4.8-dbgsym_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 4d8d792e6f31f59754b117e89fc355777d837042a9b884cd091da95f21d575cb 411816 libxen-4.8_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 929f780a81d5686ced6e008f2a917ba60f279c750790ade925efc28b3e319e86 651850 libxen-dev_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 02f0e12244c5506a6d5f9888c1172975e826493c596ce42b3b29fe942476b8fc 25254 libxenstore3.0-dbgsym_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 78c1a392a9494787294d55ec8ad100895b47234c859f6876891f06cbc28a19a1 34462 libxenstore3.0_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 9403bcd661d8f697acc976fe84fcf1837b9b69bcfb43eb5dcedde3379fcad289 2309688 xen-hypervisor-4.8-amd64_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 35f8984ae312daf9fcd214922c71d33a80104812bee44f8741dfda45d886e941 23442 xen-system-amd64_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 156808c2fc2a48a6743ebd40f55310b297d29e8c25a005dacf631abf4faef412 852406 xen-utils-4.8-dbgsym_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 761faeb2fb05106b7ca1cbf253ad8d1c5120cc3b6cc96cbea692ad7c69c0e84d 422858 xen-utils-4.8_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 e8701fdc910e04441fc9be02c73820bb4a499ed57b1233b5763e88ea0c3f04c9 284940 xen-utils-common_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_all.deb
 17e2ecfd6a274a402658d0b4e9901e681a6633210fe6bf5aaf257bc6f28c19cc 12290 xen_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.buildinfo
 fe0cf57d0e06c1ded658b571d8626ed9105bf2d9dc4f69d4f7517cfd3afd4d96 13376 xenstore-utils-dbgsym_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 4b4a2ea48b1a3ff276e1503eb640cfc4e4fbf797c7cc56371e90b6f78b8c5a13 30184 xenstore-utils_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
Files: 
 c1c8333658cb32d0947bdaaa074b25c2 3173 kernel optional xen_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7.dsc
 4ac411ab2adde4ce7d43905ce9e78201 81288 kernel optional xen_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7.debian.tar.xz
 04f297964c4ecd21777fd80a6c74e60d 1608798 debug extra libxen-4.8-dbgsym_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 1572522f23c70d40ced8b9819ec8b3fe 411816 libs optional libxen-4.8_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 4c286fd4bf5cf38ebca8fd8849326a53 651850 libdevel optional libxen-dev_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 dbb259c3c8f8d737f655f579afb42100 25254 debug extra libxenstore3.0-dbgsym_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 fd7c38ab1c4c3491eb50bfb19d72c0b2 34462 libs optional libxenstore3.0_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 32642893b9aba195eaa9dca652aa5980 2309688 kernel optional xen-hypervisor-4.8-amd64_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 64fad25cbf2ea48d557089c64aae8763 23442 kernel optional xen-system-amd64_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 9f5e59edcb78bd357d47bf4efbb30eba 852406 debug extra xen-utils-4.8-dbgsym_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 e9c56013dc85636eeb75f182c41e34d2 422858 kernel optional xen-utils-4.8_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 5a9e55c712ff49ff22e38b038894d9f5 284940 kernel optional xen-utils-common_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_all.deb
 9ef82d0b277028d073666dffe1bee943 12290 kernel optional xen_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.buildinfo
 e59a3de78dd4b9ace441d7b6a14d0cde 13376 debug extra xenstore-utils-dbgsym_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb
 0c8e80b686563832a99db1ddfdeff353 30184 admin optional xenstore-utils_4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEVZrkbC1rbTJl58uh4+M5I0i1DTkFAlsEX6MACgkQ4+M5I0i1
DTm3hgf+Pv70YczcPRKfuX/++w+70DQcZpo1prLCO/+FDecvlXIHzZ6ctxyolcaR
+RaLmnIiwjCJ59rxIrdED3K3tL3RKtMn0UMD6PoXAqNXG2O9bNck0V0faV+2kKeo
u4ODeyIkVMHw0OtAM/QabEf78Ybj2ixMeg32s8pD6SlVd6TjxO9s8sWgyaWVKdIe
mpCegUgEZInp1WgZLqQk77U2n3kr6nQjh8HhmED5AiDxouKkTJyaX1bfGkrSaG/9
BNpJdTxOC74w2FTmsfYKAL69GzDXujv4SiaRiShQYNB4R0GcjifhmUYaCVuDFGDP
E6xutJLppoJ44Eg3q57dhLKyKa4d5w==
=QOSQ
-----END PGP SIGNATURE-----