Summary: | <app-emulation/xen-{4.14.2-r1,4.15.0-r1}: multiple vulnerabilities (XSA-{372,373,374,375,377}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tomáš Mózes <hydrapolic> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | hydrapolic, proxy-maint, xen |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | Flags: | nattka:
sanity-check+
|
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://github.com/gentoo/gentoo/pull/21168 https://github.com/gentoo/gentoo/pull/21611 |
||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: |
app-emulation/xen-4.14.2-r1 amd64
app-emulation/xen-tools-4.14.2-r1
|
Runtime testing required: | --- |
Description
Tomáš Mózes
2021-06-09 07:26:12 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee98a9e773c46b04534c0ceabce56cfd11866b53 commit ee98a9e773c46b04534c0ceabce56cfd11866b53 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2021-06-09 07:18:09 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2021-06-11 12:49:01 +0000 app-emulation/xen: add upstream security patches Fixes XSA-372, XSA-373, XSA-374, XSA-375, XSA-377 Bug: https://bugs.gentoo.org/795054 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> app-emulation/xen/Manifest | 1 + app-emulation/xen/xen-4.15.0-r1.ebuild | 169 +++++++++++++++++++++++++++++++++ 2 files changed, 170 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31d16f4a033665a6cdb28d55e4b72a43969a8e79 commit 31d16f4a033665a6cdb28d55e4b72a43969a8e79 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2021-06-09 07:17:38 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2021-06-11 12:49:01 +0000 app-emulation/xen: add upstream security patches Fixes XSA-372, XSA-373, XSA-374, XSA-375, XSA-377 Bug: https://bugs.gentoo.org/795054 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> app-emulation/xen/Manifest | 1 + app-emulation/xen/xen-4.14.2-r1.ebuild | 169 +++++++++++++++++++++++++++++++++ 2 files changed, 170 insertions(+) Please stable when ready. Sanity check failed:
> app-emulation/xen-4.14.2-r1
> pdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> ~app-emulation/xen-tools-4.14.2
> pdepend amd64 stable profile default/linux/amd64/17.1 (15 total)
> ~app-emulation/xen-tools-4.14.2
amd64 done x86 done all arches done Please cleanup, thanks! What about 4.13.x? GLSA request filed. (In reply to John Helmert III from comment #7) > What about 4.13.x? We'll clean it. This issue was resolved and addressed in GLSA 202107-30 at https://security.gentoo.org/glsa/202107-30 by GLSA coordinator Sam James (sam_c). Reopening for cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b346612c0c2d11ecf23af72c1aa72d24e0dc9a4 commit 2b346612c0c2d11ecf23af72c1aa72d24e0dc9a4 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2021-07-12 10:13:39 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2021-07-15 05:30:37 +0000 app-emulation/xen: drop vulnerable Bug: https://bugs.gentoo.org/795054 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Joonas Niilola <juippis@gentoo.org> app-emulation/xen/Manifest | 1 - app-emulation/xen/xen-4.13.3.ebuild | 165 ------------------------------------ 2 files changed, 166 deletions(-) Thanks! All done |