Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 810341 (CVE-2021-28694, CVE-2021-28695, CVE-2021-28696, CVE-2021-28697, CVE-2021-28698, CVE-2021-28699, CVE-2021-28700, XSA-378, XSA-379, XSA-380, XSA-382, XSA-383) - <app-emulation/xen-{4.14.3,4.15.1}: multiple vulnerabilities
Summary: <app-emulation/xen-{4.14.3,4.15.1}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2021-28694, CVE-2021-28695, CVE-2021-28696, CVE-2021-28697, CVE-2021-28698, CVE-2021-28699, CVE-2021-28700, XSA-378, XSA-379, XSA-380, XSA-382, XSA-383
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa+]
Keywords: PullRequest
Depends on: 813861
Blocks: CVE-2021-28701, XSA-384
  Show dependency tree
 
Reported: 2021-08-25 15:09 UTC by Tomáš Mózes
Modified: 2022-08-14 14:34 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tomáš Mózes 2021-08-25 15:09:10 UTC
Vulnerabilities made public today:
XSA-378
XSA-379
XSA-380
XSA-382
XSA-383

https://xenbits.xen.org/xsa/
Comment 1 Larry the Git Cow gentoo-dev 2021-09-18 09:50:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f2c2f779b6943e83e77b248b567c1e1d840c137

commit 4f2c2f779b6943e83e77b248b567c1e1d840c137
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-09-11 11:01:18 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-09-18 09:49:58 +0000

    app-emulation/xen: bump to 4.14.3/4.15.1
    
    Bug: https://bugs.gentoo.org/812485
    Bug: https://bugs.gentoo.org/810341
    Closes: https://bugs.gentoo.org/800935
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/22270
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-emulation/xen/Manifest                   |   2 +
 app-emulation/xen/files/xen-4.15-flask.patch |  13 +++
 app-emulation/xen/xen-4.14.3.ebuild          | 167 +++++++++++++++++++++++++++
 app-emulation/xen/xen-4.15.1.ebuild          | 167 +++++++++++++++++++++++++++
 4 files changed, 349 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-18 13:28:59 UTC
Thanks! Please file a stablereq to block this bug when ready.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-19 13:28:24 UTC
No, we've detached new stabilizations from security bugs:

https://archives.gentoo.org/gentoo-dev-announce/message/66f1227144d451eac3c1f641771be557
Comment 4 NATTkA bot gentoo-dev 2021-09-19 13:32:36 UTC
Keywords are not fully specified and arches are not CC-ed for the following packages:

- =app-emulation/xen-tools-4.14.3
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-17 14:03:57 UTC
Ping
Comment 6 Tomáš Mózes 2021-12-18 01:12:52 UTC
This is done, tree clean.
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:51:54 UTC
GLSA request filed
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 14:30:42 UTC
GLSA done, all done.
Comment 9 Larry the Git Cow gentoo-dev 2022-08-14 14:34:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=22bc39ed12fa34e39fcf5a2559a7f2135d98e1b1

commit 22bc39ed12fa34e39fcf5a2559a7f2135d98e1b1
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:28:39 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-23 ] Xen: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/810341
    Bug: https://bugs.gentoo.org/812485
    Bug: https://bugs.gentoo.org/816882
    Bug: https://bugs.gentoo.org/825354
    Bug: https://bugs.gentoo.org/832039
    Bug: https://bugs.gentoo.org/835401
    Bug: https://bugs.gentoo.org/850802
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-23.xml | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)