http://www.openwall.com/lists/oss-security/2015/10/29/3 http://www.openwall.com/lists/oss-security/2015/10/29/4 http://www.openwall.com/lists/oss-security/2015/10/29/5 http://www.openwall.com/lists/oss-security/2015/10/29/6 http://www.openwall.com/lists/oss-security/2015/10/29/7 http://www.openwall.com/lists/oss-security/2015/10/29/8 http://www.openwall.com/lists/oss-security/2015/10/29/9 http://www.openwall.com/lists/oss-security/2015/10/29/10 http://www.openwall.com/lists/oss-security/2015/10/29/11
All patches acquired and runtested which includes xsa142-4.5.patch for xen-tools and xsa141.patch for xen. xsa142-4.6.patch is found to already be incorporated in the version xen-4.6.0. Patches I hace concatenated into 2 files, however dlan assures he will packge and upload them tomorrow. Considering no urgency, holding off committing until he packages them.
Arches, please test and mark stable: =app-emulation/xen-4.2.5-r12 =app-emulation/xen-tools-4.2.5-r11 Target keywords Both : "amd64 x86" =app-emulation/xen-4.5.2 =app-emulation/xen-tools-4.5.2 =app-emulation/xen-pvgrub-4.5.2 Target keywords Only: "amd64"
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Please cleanup den-tools, pvgrub
Added to an existing GLSA Request.
Please drop or mask xen-tools-4.2.5-{r10,r11} as was done with xen.
(In reply to Yury German from comment #7) > Please drop or mask xen-tools-4.2.5-{r10,r11} as was done with xen. Thiswas done several days ago now
Please forgive me if this is wrong place to discuss about this matter, but I wonder if dropping xen 4.2 has been intentionally done knowing that it's the only version of xen which still supports x86-32 architecture.
(In reply to Tomoatsu Shimada from comment #9) > Please forgive me if this is wrong place to discuss about this matter, but I > wonder if dropping xen 4.2 has been intentionally done knowing that it's > the only version of xen which still supports x86-32 architecture. This security bug is not the place to discuss it as you correctly mention; but the quick answer is I'm aware of discussions amongst Xen members on that topic so it was done with an awareness of that.
Your valuable answer encouraged me to abandon x86-32 architecture, thanks a lot!
Maintainer(s), Thank you for your work.
This issue was resolved and addressed in GLSA 201604-03 at https://security.gentoo.org/glsa/201604-03 by GLSA coordinator Yury German (BlueKnight).