Debian Bug report logs -
#770230
xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 19 Nov 2014 22:48:01 UTC
Severity: important
Tags: security
Fixed in version xen/4.5.1~rc1-1
Done: Ian Campbell <ijc@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>:
Bug#770230; Package src:xen.
(Wed, 19 Nov 2014 22:48:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>.
(Wed, 19 Nov 2014 22:48:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: xen
Severity: grave
Tags: security
Hi,
the following security issues apply to Xen in jessie:
CVE-2014-5146,CVE-2014-5149:
https://marc.info/?l=oss-security&m=140784877111813&w=2
CVE-2014-8594:
https://marc.info/?l=oss-security&m=141631359901060&w=2
CVE-2014-8595:
https://marc.info/?l=oss-security&m=141631352601020&w=2
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>:
Bug#770230; Package src:xen.
(Fri, 21 Nov 2014 22:48:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>.
(Fri, 21 Nov 2014 22:48:08 GMT) (full text, mbox, link).
Message #10 received at 770230@bugs.debian.org (full text, mbox, reply):
On Wed, Nov 19, 2014 at 11:45:02PM +0100, Moritz Muehlenhoff wrote:
> Source: xen
> Severity: grave
> Tags: security
>
> Hi,
> the following security issues apply to Xen in jessie:
>
> CVE-2014-5146,CVE-2014-5149:
> https://marc.info/?l=oss-security&m=140784877111813&w=2
>
> CVE-2014-8594:
> https://marc.info/?l=oss-security&m=141631359901060&w=2
>
> CVE-2014-8595:
> https://marc.info/?l=oss-security&m=141631352601020&w=2
And CVE-2014-9030:
https://marc.info/?l=oss-security&m=141657283302489&w=2
Cheers,
Moritz
Changed Bug title to 'xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030' from 'CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Fri, 21 Nov 2014 22:57:26 GMT) (full text, mbox, link).
Severity set to 'important' from 'grave'
Request was from Bastian Blank <bastian.blank@credativ.de>
to control@bugs.debian.org.
(Wed, 26 Nov 2014 07:51:17 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>:
Bug#770230; Package src:xen.
(Thu, 27 Nov 2014 12:57:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>.
(Thu, 27 Nov 2014 12:57:05 GMT) (full text, mbox, link).
Message #19 received at 770230@bugs.debian.org (full text, mbox, reply):
retitle -1 xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030 CVE-2014-8866 CVE-2014-8867
Hi,
There are two more for XSA-111 and XSA-112:
https://security-tracker.debian.org/tracker/CVE-2014-8866
https://security-tracker.debian.org/tracker/CVE-2014-8867
Regards,
Salvatore
Marked as fixed in versions xen/4.5.1~rc1-1.
Request was from Ian Campbell <ijc@debian.org>
to control@bugs.debian.org.
(Thu, 05 Nov 2015 15:03:10 GMT) (full text, mbox, link).
Marked Bug as done
Request was from Ian Campbell <ijc@debian.org>
to control@bugs.debian.org.
(Thu, 05 Nov 2015 15:03:11 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Thu, 05 Nov 2015 15:03:11 GMT) (full text, mbox, link).
Message sent on
to Moritz Muehlenhoff <jmm@debian.org>:
Bug#770230.
(Thu, 05 Nov 2015 15:03:20 GMT) (full text, mbox, link).
Message #28 received at 770230-submitter@bugs.debian.org (full text, mbox, reply):
close 770230 4.5.1~rc1-1
thanks
These all appear to have been included in the upsteam 4.5.0 release. 4.5.1-rc1
was the first upload to Debian.
Cheers,
Ian.
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 13 Dec 2015 07:27:37 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:54:20 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon