
Bug 795054 (CVE-2021-0089, CVE-2021-26313, CVE-2021-28690, CVE-2021-28691, CVE-2021-28692, CVE-2021-28693, XSA-372, XSA-373, XSA-374, XSA-375, XSA-377)

Summary: <app-emulation/xen-{4.14.2-r1,4.15.0-r1}: multiple vulnerabilities (XSA-{372,373,374,375,377})
Product: Gentoo Security
Reporter: Tomáš Mózes <hydrapolic>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: hydrapolic, proxy-maint, xen
Priority: Normal
Keywords: PullRequest
Version: unspecified
Flags: nattka: sanity-check+
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/21168
https://github.com/gentoo/gentoo/pull/21611
Whiteboard: B1 [glsa+ cve]
Package list:
app-emulation/xen-4.14.2-r1 amd64 app-emulation/xen-tools-4.14.2-r1
Runtime testing required: ---

Description Tomáš Mózes 2021-06-09 07:26:12 UTC
New patches came out yesterday for XSA-372, XSA-373, XSA-374, XSA-375, XSA-377

https://xenbits.xen.org/xsa/
Comment 1 Larry the Git Cow gentoo-dev 2021-06-11 12:53:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee98a9e773c46b04534c0ceabce56cfd11866b53

commit ee98a9e773c46b04534c0ceabce56cfd11866b53
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-06-09 07:18:09 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-06-11 12:49:01 +0000

    app-emulation/xen: add upstream security patches
    
    Fixes XSA-372, XSA-373, XSA-374, XSA-375, XSA-377
    
    Bug: https://bugs.gentoo.org/795054
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 app-emulation/xen/Manifest             |   1 +
 app-emulation/xen/xen-4.15.0-r1.ebuild | 169 +++++++++++++++++++++++++++++++++
 2 files changed, 170 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31d16f4a033665a6cdb28d55e4b72a43969a8e79

commit 31d16f4a033665a6cdb28d55e4b72a43969a8e79
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-06-09 07:17:38 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-06-11 12:49:01 +0000

    app-emulation/xen: add upstream security patches
    
    Fixes XSA-372, XSA-373, XSA-374, XSA-375, XSA-377
    
    Bug: https://bugs.gentoo.org/795054
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 app-emulation/xen/Manifest             |   1 +
 app-emulation/xen/xen-4.14.2-r1.ebuild | 169 +++++++++++++++++++++++++++++++++
 2 files changed, 170 insertions(+)
Comment 2 John Helmert III gentoo-dev Security 2021-06-11 20:12:45 UTC
Please stable when ready.
Comment 3 NATTkA bot gentoo-dev 2021-06-11 20:16:22 UTC Comment hidden (obsolete)
Comment 4 Sam James archtester gentoo-dev Security 2021-06-12 13:59:39 UTC
amd64 done
Comment 5 Sam James archtester gentoo-dev Security 2021-06-12 13:59:59 UTC
x86 done

all arches done
Comment 6 John Helmert III gentoo-dev Security 2021-06-12 14:02:49 UTC
Please cleanup, thanks!
Comment 7 John Helmert III gentoo-dev Security 2021-07-06 02:31:54 UTC
What about 4.13.x?
Comment 8 John Helmert III gentoo-dev Security 2021-07-06 02:51:37 UTC
GLSA request filed.
Comment 9 Tomáš Mózes 2021-07-07 14:59:58 UTC
(In reply to John Helmert III from comment #7)
> What about 4.13.x?

We'll clean it.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2021-07-12 02:51:00 UTC
This issue was resolved and addressed in
 GLSA 202107-30 at https://security.gentoo.org/glsa/202107-30
by GLSA coordinator Sam James (sam_c).
Comment 11 Sam James archtester gentoo-dev Security 2021-07-12 02:51:49 UTC
Reopening for cleanup.
Comment 12 Larry the Git Cow gentoo-dev 2021-07-15 05:31:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b346612c0c2d11ecf23af72c1aa72d24e0dc9a4

commit 2b346612c0c2d11ecf23af72c1aa72d24e0dc9a4
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-07-12 10:13:39 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-07-15 05:30:37 +0000

    app-emulation/xen: drop vulnerable
    
    Bug: https://bugs.gentoo.org/795054
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-emulation/xen/Manifest          |   1 -
 app-emulation/xen/xen-4.13.3.ebuild | 165 ------------------------------------
 2 files changed, 166 deletions(-)
Comment 13 John Helmert III gentoo-dev Security 2021-07-15 05:32:09 UTC
Thanks! All done