Bug 826998 (CVE-2021-28703, CVE-2021-28704, CVE-2021-28705, CVE-2021-28706, CVE-2021-28707, CVE-2021-28708, CVE-2021-28709, XSA-385, XSA-387, XSA-388, XSA-389)

Summary:	<app-emulation/xen-{4.14.3-r2,4.15.1-r2}: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Tomáš Mózes <hydrapolic>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	ajak, hydrapolic, proxy-maint, xen
Priority:	Normal	Keywords:	PullRequest
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://github.com/gentoo/gentoo/pull/23064 https://bugs.gentoo.org/show_bug.cgi?id=827094
Whiteboard:	B2 [glsa+]
Package list:		Runtime testing required:	---

Description Tomáš Mózes 2021-11-24 06:06:56 UTC

https://xenbits.xen.org/xsa/advisory-385.html
https://xenbits.xen.org/xsa/advisory-387.html
https://xenbits.xen.org/xsa/advisory-388.html
https://xenbits.xen.org/xsa/advisory-389.html

Comment 1 Larry the Git Cow gentoo-dev

2021-11-24 07:44:05 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01eab127a243956ce4de2e0b9ce1221352851c86

commit 01eab127a243956ce4de2e0b9ce1221352851c86
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-11-24 06:11:59 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2021-11-24 07:43:30 +0000

    app-emulation/xen: add 4.14.3-r2 and 4.15.1-r2
    
    Bug: https://bugs.gentoo.org/825354
    Bug: https://bugs.gentoo.org/826998
    Closes: https://bugs.gentoo.org/819408
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/23064
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 app-emulation/xen/Manifest             |   2 +
 app-emulation/xen/xen-4.14.3-r2.ebuild | 163 +++++++++++++++++++++++++++++++++
 app-emulation/xen/xen-4.15.1-r2.ebuild | 163 +++++++++++++++++++++++++++++++++
 3 files changed, 328 insertions(+)

Comment 2 John Helmert III archtester

2024-02-01 06:14:50 UTC

Hm, seems like we missed this with it not being assigned to security@, sorry!

Comment 3 Larry the Git Cow gentoo-dev

2024-02-04 07:17:08 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3f8db3fdbc2235dee30f5c1ea206584ecabbe484

commit 3f8db3fdbc2235dee30f5c1ea206584ecabbe484
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-04 07:16:20 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-04 07:16:59 +0000

    [ GLSA 202402-07 ] Xen: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/754105
    Bug: https://bugs.gentoo.org/757126
    Bug: https://bugs.gentoo.org/826998
    Bug: https://bugs.gentoo.org/837575
    Bug: https://bugs.gentoo.org/858122
    Bug: https://bugs.gentoo.org/876790
    Bug: https://bugs.gentoo.org/879031
    Bug: https://bugs.gentoo.org/903624
    Bug: https://bugs.gentoo.org/905389
    Bug: https://bugs.gentoo.org/915970
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-07.xml | 112 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 112 insertions(+)