Comment 1 Larry the Git Cow 2019-12-13 09:53:42 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ff6960975e9334ceba78d3c5d4a921b2ac7d00c

commit 4ff6960975e9334ceba78d3c5d4a921b2ac7d00c
Author:     Tomas Mozes <hydrapolic@gmail.com>
AuthorDate: 2019-12-13 06:15:44 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2019-12-13 09:46:17 +0000

    app-emulation/xen: bump to 4.11.3-r1
    
    Fix XSA-{307,308,309,310,311}
    
    Closes: https://bugs.gentoo.org/700374
    Cloese: https://github.com/gentoo/gentoo/pull/13966
    Bug: https://bugs.gentoo.org/702644
    Package-Manager: Portage-2.3.81, Repoman-2.3.20
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 app-emulation/xen/Manifest                         |  2 +-
 app-emulation/xen/files/xen-4.11-efi.patch         | 36 ++++++++++++++++++++++
 .../{xen-4.11.3.ebuild => xen-4.11.3-r1.ebuild}    |  6 ++--
 3 files changed, 41 insertions(+), 3 deletions(-)

Comment 2 Yixun Lan 2019-12-13 09:54:36 UTC

hi tomas, how about briefly mention which XSAs we've fixed in the log next time? for this time, I just go ahead and amend the git commit messages ..

always, thanks for the great job!

(In reply to Yixun Lan from comment #2)
> hi tomas, how about briefly mention which XSAs we've fixed in the log next
> time? for this time, I just go ahead and amend the git commit messages ..

Thanks, will try to add them next time.

Comment 4 Agostino Sarubbo 2019-12-13 14:37:51 UTC

x86 stable

Comment 5 Agostino Sarubbo 2019-12-15 13:43:16 UTC

amd64 stable.

Maintainer(s), please cleanup.

Comment 6 Larry the Git Cow 2019-12-15 14:05:57 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b46cbe9cc0b848c0053e164238cf0ac2c889aeb3

commit b46cbe9cc0b848c0053e164238cf0ac2c889aeb3
Author:     Yixun Lan <dlan@gentoo.org>
AuthorDate: 2019-12-15 14:02:31 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2019-12-15 14:05:30 +0000

    app-emulation/xen-tools: drop old vulnerable version
    
    Bug: https://bugs.gentoo.org/702644
    Package-Manager: Portage-2.3.80, Repoman-2.3.19
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 app-emulation/xen-tools/Manifest                   |   2 -
 app-emulation/xen-tools/files/gentoo-patches.conf  |  10 -
 app-emulation/xen-tools/xen-tools-4.11.2-r1.ebuild | 460 ---------------------
 3 files changed, 472 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d94fc1e24bf4b9408eabc5a9d7620ef74223a00

commit 5d94fc1e24bf4b9408eabc5a9d7620ef74223a00
Author:     Yixun Lan <dlan@gentoo.org>
AuthorDate: 2019-12-15 13:58:38 +0000
Commit:     Yixun Lan <dlan@gentoo.org>
CommitDate: 2019-12-15 14:05:27 +0000

    app-emulation/xen: cleanup old vulnerable versions
    
    Bug: https://bugs.gentoo.org/702644
    Package-Manager: Portage-2.3.80, Repoman-2.3.19
    Signed-off-by: Yixun Lan <dlan@gentoo.org>

 app-emulation/xen/Manifest             |   3 -
 app-emulation/xen/xen-4.11.2-r2.ebuild | 154 ---------------------------------
 app-emulation/xen/xen-4.11.2-r3.ebuild | 154 ---------------------------------
 3 files changed, 311 deletions(-)

Comment 7 Thomas Deutschmann (RETIRED) 2020-03-25 20:34:32 UTC

New GLSA request filed.

Comment 8 GLSAMaker/CVETool Bot 2020-03-25 20:48:21 UTC

This issue was resolved and addressed in
 GLSA 202003-56 at https://security.gentoo.org/glsa/202003-56
by GLSA coordinator Thomas Deutschmann (whissi).