CVE-2015-2751 CVE-2015-2752 CVE-2015-2756

Related Vulnerabilities: CVE-2015-2751   CVE-2015-2752   CVE-2015-2756   CVE-2015-2152   CVE-2014-3969  

Debian Bug report logs - #781620
CVE-2015-2751 CVE-2015-2752 CVE-2015-2756

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 31 Mar 2015 17:15:02 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version xen/4.4.1-8

Fixed in version xen/4.4.1-9

Done: Bastian Blank <waldi@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>:
Bug#781620; Package src:xen. (Tue, 31 Mar 2015 17:15:06 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>. (Tue, 31 Mar 2015 17:15:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2015-2751 CVE-2015-2752 CVE-2015-2756
Date: Tue, 31 Mar 2015 19:12:43 +0200
Source: xen
Severity: important
Tags: security

Please see
http://xenbits.xen.org/xsa/advisory-125.html
http://xenbits.xen.org/xsa/advisory-126.html
http://xenbits.xen.org/xsa/advisory-127.html

Cheers,
        Moritz



Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 31 Mar 2015 18:24:04 GMT)


Marked as found in versions xen/4.4.1-8. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 31 Mar 2015 18:24:05 GMT)


Reply sent to Bastian Blank <waldi@debian.org>:
You have taken responsibility. (Mon, 06 Apr 2015 19:45:10 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Mon, 06 Apr 2015 19:45:10 GMT)


Message #14 received at 781620-close@bugs.debian.org:

From: Bastian Blank <waldi@debian.org>
To: 781620-close@bugs.debian.org
Subject: Bug#781620: fixed in xen 4.4.1-9
Date: Mon, 06 Apr 2015 19:40:24 +0000
Source: xen
Source-Version: 4.4.1-9

We believe that the bug you reported is fixed in the latest version of
xen, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 781620@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Blank <waldi@debian.org> (supplier of updated xen package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 06 Apr 2015 20:22:59 +0200
Source: xen
Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf
Architecture: source amd64 all
Version: 4.4.1-9
Distribution: unstable
Urgency: high
Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
Changed-By: Bastian Blank <waldi@debian.org>
Description:
 libxen-4.4 - Public libs for Xen
 libxen-dev - Public headers and libs for Xen
 libxenstore3.0 - Xenstore communications library for Xen
 xen-hypervisor-4.4-amd64 - Xen Hypervisor on AMD64
 xen-hypervisor-4.4-arm64 - Xen Hypervisor on ARM64
 xen-hypervisor-4.4-armhf - Xen Hypervisor on ARMHF
 xen-system-amd64 - Xen System on AMD64 (meta-package)
 xen-system-arm64 - Xen System on ARM64 (meta-package)
 xen-system-armhf - Xen System on ARMHF (meta-package)
 xen-utils-4.4 - XEN administrative tools
 xen-utils-common - Xen administrative tools - common files
 xenstore-utils - Xenstore command line utilities for Xen
Closes: 780975 781620
Changes:
 xen (4.4.1-9) unstable; urgency=high
 .
   * Explicitly disable graphics for qemu. (closes: #780975)
     CVE-2015-2152
   * Update fix for insufficient permissions checks on arm.
     CVE-2014-3969
   * Break apart long latency MMIO operations. (closes: #781620)
     CVE-2015-2752
   * Disallow certain domain control operations. (closes: #781620)
     CVE-2015-2751

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 08 May 2015 07:27:25 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:04:18 2019; Machine Name: buxtehude
