| Summary: | <app-emulation/xen-4.11.3-r1: multiple vulnerabilities (XSA-{307,308,309,310,311}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tomáš Mózes <hydrapolic> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | hydrapolic, proxy-maint, xen |
| Priority: | High | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | B1 [glsa+ cve] | ||
| Package list: |
app-emulation/xen-4.11.3-r1 amd64
app-emulation/xen-tools-4.11.3 amd64 x86
app-emulation/xen-pvgrub-4.11.3 amd64 x86
|
Runtime testing required: | --- |
|
Description
Tomáš Mózes
2019-12-13 06:14:53 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ff6960975e9334ceba78d3c5d4a921b2ac7d00c commit 4ff6960975e9334ceba78d3c5d4a921b2ac7d00c Author: Tomas Mozes <hydrapolic@gmail.com> AuthorDate: 2019-12-13 06:15:44 +0000 Commit: Yixun Lan <dlan@gentoo.org> CommitDate: 2019-12-13 09:46:17 +0000 app-emulation/xen: bump to 4.11.3-r1 Fix XSA-{307,308,309,310,311} Closes: https://bugs.gentoo.org/700374 Cloese: https://github.com/gentoo/gentoo/pull/13966 Bug: https://bugs.gentoo.org/702644 Package-Manager: Portage-2.3.81, Repoman-2.3.20 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Yixun Lan <dlan@gentoo.org> app-emulation/xen/Manifest | 2 +- app-emulation/xen/files/xen-4.11-efi.patch | 36 ++++++++++++++++++++++ .../{xen-4.11.3.ebuild => xen-4.11.3-r1.ebuild} | 6 ++-- 3 files changed, 41 insertions(+), 3 deletions(-) hi tomas, how about briefly mention which XSAs we've fixed in the log next time? for this time, I just go ahead and amend the git commit messages .. always, thanks for the great job! (In reply to Yixun Lan from comment #2) > hi tomas, how about briefly mention which XSAs we've fixed in the log next > time? for this time, I just go ahead and amend the git commit messages .. Thanks, will try to add them next time. x86 stable amd64 stable. Maintainer(s), please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b46cbe9cc0b848c0053e164238cf0ac2c889aeb3 commit b46cbe9cc0b848c0053e164238cf0ac2c889aeb3 Author: Yixun Lan <dlan@gentoo.org> AuthorDate: 2019-12-15 14:02:31 +0000 Commit: Yixun Lan <dlan@gentoo.org> CommitDate: 2019-12-15 14:05:30 +0000 app-emulation/xen-tools: drop old vulnerable version Bug: https://bugs.gentoo.org/702644 Package-Manager: Portage-2.3.80, Repoman-2.3.19 Signed-off-by: Yixun Lan <dlan@gentoo.org> app-emulation/xen-tools/Manifest | 2 - app-emulation/xen-tools/files/gentoo-patches.conf | 10 - app-emulation/xen-tools/xen-tools-4.11.2-r1.ebuild | 460 --------------------- 3 files changed, 472 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d94fc1e24bf4b9408eabc5a9d7620ef74223a00 commit 5d94fc1e24bf4b9408eabc5a9d7620ef74223a00 Author: Yixun Lan <dlan@gentoo.org> AuthorDate: 2019-12-15 13:58:38 +0000 Commit: Yixun Lan <dlan@gentoo.org> CommitDate: 2019-12-15 14:05:27 +0000 app-emulation/xen: cleanup old vulnerable versions Bug: https://bugs.gentoo.org/702644 Package-Manager: Portage-2.3.80, Repoman-2.3.19 Signed-off-by: Yixun Lan <dlan@gentoo.org> app-emulation/xen/Manifest | 3 - app-emulation/xen/xen-4.11.2-r2.ebuild | 154 --------------------------------- app-emulation/xen/xen-4.11.2-r3.ebuild | 154 --------------------------------- 3 files changed, 311 deletions(-) New GLSA request filed. This issue was resolved and addressed in GLSA 202003-56 at https://security.gentoo.org/glsa/202003-56 by GLSA coordinator Thomas Deutschmann (whissi). |
