Summary: | Kernel: Multiple Xen-related vulnerabilities (XSA-{155,157}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Ian Delaney (RETIRED) <idella4> |
Component: | Vulnerabilities | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED OBSOLETE | ||
Severity: | normal | CC: | blueness, flow, hydrapolic, kernel, mpagano |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [upstream] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 522930 | ||
Bug Blocks: | 567962 |
Description
Ian Delaney (RETIRED)
2015-12-14 09:48:00 UTC
Restricting to security group A reminder of the embargo policy: DEPLOYMENT DURING EMBARGO ========================= Deployment of the patches and/or mitigations described above (or others which are substantially similar) is permitted during the embargo, even on public-facing systems with untrusted guest users and administrators. But: Distribution of updated software is prohibited (except to other members of the predisclosure list). Predisclosure list members who wish to deploy significantly different patches and/or mitigations, please contact the Xen Project Security Team. (Note: this during-embargo deployment notice is retained in post-embargo publicly released Xen Project advisories, even though it is then no longer applicable. This is to enable the community to have oversight of the Xen Project Security Team's decisionmaking.) For more information about permissible uses of embargoed information, consult the Xen Project community's agreed Security Policy: http://www.xenproject.org/security-policy.html The XSA-155 patch set is missing from LTS 3.10, 3.18 and 4.1er branch. Will ping upstream. The XSA-157 patch set is missing from LTS 3.10, 3.18 is incomplete, 4.1 is incomplete. Will ping upstream. Bug 522930 handles stabilization of sys-kernels/gentoo-sources-3.4.x. Security, can you please close this obsolete one? Thanks Unable to check for sanity:
> no match for package: =sys-kernel/gentoo-sources-3.4.113
Resetting sanity check; package list is empty. (In reply to Tomáš Mózes from comment #4) > Security, can you please close this obsolete one? Thanks Yep. |