Bug 600382 (CVE-2016-9377, CVE-2016-9378, CVE-2016-9379, CVE-2016-9380, CVE-2016-9381, CVE-2016-9382, CVE-2016-9383, CVE-2016-9384, CVE-2016-9385, CVE-2016-9386, XSA-191, XSA-192, XSA-193, XSA-194, XSA-195, XSA-196, XSA-197, XSA-198)

Comment 1 Aaron Bauman (RETIRED) 2016-11-21 09:56:01 UTC

dlan has all patches staged and ready to push once the embargo is lifted.  Bug contains highest severity rating.

Comment 2 Yixun Lan 2016-11-22 12:49:32 UTC

fixed at version:
app-emulation/xen-tools-4.6.4-r1
app-emulation/xen-tools-4.7.1-r1

app-emulation/xen-4.6.4-r1
app-emulation/xen-4.7.1-r1

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82b8b15c1a208e5ddf328b45379485ce05a8a42a
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26d6129e0ba6eb72b12ec47528c8bcf5a108707a

Comment 3 Yixun Lan 2016-11-22 13:01:36 UTC

Arches, please test and mark stable:
=app-emulation/xen-4.6.4-r1
Target keyword only: "amd64"

=app-emulation/xen-pvgrub-4.6.4
=app-emulation/xen-tools-4.6.4-r1
Target keywords: "amd64 x86"

Comment 4 Agostino Sarubbo 2016-11-26 10:37:20 UTC

amd64 stable

Comment 5 Agostino Sarubbo 2016-11-26 10:45:02 UTC

x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 6 Yixun Lan 2016-11-28 04:15:44 UTC

old vulnerable versions has been already dropped.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2afbcada16e07467ab83d2881a4c05050e67784

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7aaad79ffa0d1edf2a49e0d8e05426c9395e827e

Comment 7 GLSAMaker/CVETool Bot 2016-12-31 16:17:34 UTC

This issue was resolved and addressed in
 GLSA 201612-56 at https://security.gentoo.org/glsa/201612-56
by GLSA coordinator Thomas Deutschmann (whissi).