Summary: | <app-emulation/xen-{4.10.1-r2,4.11.0-r2}: multiple vulnerabilities (XSA-{268,269,272,273}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | dilfridge, hydrapolic, xen |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/9217 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: |
app-emulation/xen-4.10.1-r2 amd64
app-emulation/xen-tools-4.10.1-r2 amd64 x86
app-emulation/xen-pvgrub-4.10.1 amd64
|
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 655544, 659442 | ||
Deadline: | 2018-09-12 |
Description
GLSAMaker/CVETool Bot
2018-05-07 16:58:05 UTC
https://xenbits.xen.org/xsa/advisory-256.html Addresses CVE-2018-7542 https://xenbits.xen.org/xsa/advisory-255.html Addresses CVE-2010-7541 https://xenbits.xen.org/xsa/advisory-252.html Addresses CVE-2018-7540 https://xenbits.xen.org/xsa/advisory-253.html Addresses CVE-2018-5244 https://xenbits.xen.org/xsa/advisory-258.html Addresses CVE-2018-10472 https://xenbits.xen.org/xsa/advisory-259.html Addresses CVE-2018-10471 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ec669947a76c8f65210a5e57cb1b66eaae18987 commit 2ec669947a76c8f65210a5e57cb1b66eaae18987 Author: Tomas Mozes <hydrapolic@gmail.com> AuthorDate: 2018-07-13 16:51:07 +0000 Commit: Mikle Kolyada <zlogene@gentoo.org> CommitDate: 2018-07-17 11:06:56 +0000 app-emulation/xen: bump to 4.10.1 Bug: https://bugs.gentoo.org/655544 Bug: https://bugs.gentoo.org/655188 Package-Manager: Portage-2.3.42, Repoman-2.3.9 app-emulation/xen/Manifest | 2 + app-emulation/xen/xen-4.10.1.ebuild | 172 ++++++++++++++++++++++++++++++++++++ 2 files changed, 174 insertions(+) Please let's merge https://github.com/gentoo/gentoo/pull/9269 and stabilize 4.10.1-r1, it fixes multiple CVEs. Please call stabilization of 4.10.1-r1. Version 4.10.1-r2 covers all xsa fixes in the stable tree until now, so it's the preferred candidate for stabilization. Tomáš Mózes is working on an updated 4.11.x package. @ maintainer(s): Waiting for your ack to start stabilization. We will proceed with pkg list (i.e. stabilization of 4.10.1-r2) on 2018-09-12 if we don't get a reply. Added to an existing GLSA. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=121914a557406df2e88a7fd79af1c554e9222b55 commit 121914a557406df2e88a7fd79af1c554e9222b55 Author: Tomas Mozes <hydrapolic@gmail.com> AuthorDate: 2018-09-10 10:54:15 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-09-10 11:09:46 +0000 app-emulation/xen: bump to 4.11.0-r2 Closes: https://github.com/gentoo/gentoo/pull/9817 Bug: https://bugs.gentoo.org/655188 Package-Manager: Portage-2.3.49, Repoman-2.3.10 app-emulation/xen/Manifest | 1 + app-emulation/xen/xen-4.11.0-r2.ebuild | 172 +++++++++++++++++++++++++++++++++ 2 files changed, 173 insertions(+) *** Bug 666104 has been marked as a duplicate of this bug. *** amd64 stable x86 stable This issue was resolved and addressed in GLSA 201810-06 at https://security.gentoo.org/glsa/201810-06 by GLSA coordinator Thomas Deutschmann (whissi). |