x86 pv: Race condition in typeref acquisition: https://xenbits.xen.org/xsa/advisory-401.html x86 pv: Insufficient care with non-coherent mappings: https://xenbits.xen.org/xsa/advisory-402.html
Thanks, hydrapolic!
x86: MMIO Stale Data vulnerabilities https://xenbits.xen.org/xsa/advisory-404.html
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c7d3fbce66cc7e528ba2d937561febaea5584b4 commit 7c7d3fbce66cc7e528ba2d937561febaea5584b4 Author: Florian Schmaus <flow@gentoo.org> AuthorDate: 2022-07-04 10:52:32 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2022-07-05 16:22:27 +0000 app-emulation/xen: add 4.15.3 Bug: https://bugs.gentoo.org/850802 Signed-off-by: Florian Schmaus <flow@gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/26217 Closes: https://github.com/gentoo/gentoo/pull/25839 app-emulation/xen/xen-4.15.3.ebuild | 183 ++++++++++++++++++++++++++++++++++++ 1 file changed, 183 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3807633e47f5ccbbd72d25c38de329016067e3d3 commit 3807633e47f5ccbbd72d25c38de329016067e3d3 Author: Florian Schmaus <flow@gentoo.org> AuthorDate: 2022-07-04 10:52:04 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2022-07-05 16:20:56 +0000 app-emulation/xen-tools: add 4.15.3 Bug: https://bugs.gentoo.org/850802 Signed-off-by: Florian Schmaus <flow@gentoo.org> app-emulation/xen-tools/Manifest | 1 + app-emulation/xen-tools/xen-tools-4.15.3.ebuild | 530 ++++++++++++++++++++++++ app-emulation/xen/Manifest | 1 + 3 files changed, 532 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b48c2d2662337ed28190d32ad3898686959dccd5 commit b48c2d2662337ed28190d32ad3898686959dccd5 Author: Florian Schmaus <flow@gentoo.org> AuthorDate: 2022-07-04 10:22:01 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2022-07-05 16:20:56 +0000 app-emulation/xen-tools: add 4.16.1, 4.16.2_pre1 This introduces a new approach to handle Xen patching and versioning. SECURITY_VER and OVMF_VER where dropped as those have not been used in a while. We now consume the upstream patches from a repository called xen-upstream-patches, which will ultimately be hosted by Gentoo infra (e.g. available under gitweb.gentoo.org). The Gentoo patchset now lives in a repository called xen-gentoo-patches, which will also be hosted on Gentoo infra. Furthermore we now follow upstreams versioning scheme. Previously we would sell Xen 4.16.2-pre, which is from the staging-4.16 branch containing security fixes, as Xen 4.16.1. To avoid confusion, we will label the Xen versions as such, and Xen 4.16.1 will what is tagged upstream as RELEASE-4.16.1 (+ the few Gentoo specific patches). Closes: https://bugs.gentoo.org/845099 Bug: https://bugs.gentoo.org/850802 Closes: https://github.com/gentoo/gentoo/pull/25839 Signed-off-by: Florian Schmaus <flow@gentoo.org> app-emulation/xen-tools/Manifest | 3 + app-emulation/xen-tools/xen-tools-4.16.1.ebuild | 526 +++++++++++++++++++++ .../xen-tools/xen-tools-4.16.2_pre1.ebuild | 526 +++++++++++++++++++++ 3 files changed, 1055 insertions(+)
Please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44cd2bcd4251add67376396126d7467f217804c5 commit 44cd2bcd4251add67376396126d7467f217804c5 Author: Florian Schmaus <flow@gentoo.org> AuthorDate: 2022-07-11 06:44:13 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2022-07-11 06:45:27 +0000 app-emulation/xen-tools: drop 4.15.2-r2 Bug: https://bugs.gentoo.org/850802 Signed-off-by: Florian Schmaus <flow@gentoo.org> app-emulation/xen-tools/Manifest | 5 - app-emulation/xen-tools/xen-tools-4.15.2-r2.ebuild | 555 --------------------- 2 files changed, 560 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69086d143b2e21748bfc0d7c7878b5fde95134c3 commit 69086d143b2e21748bfc0d7c7878b5fde95134c3 Author: Florian Schmaus <flow@gentoo.org> AuthorDate: 2022-07-11 06:44:59 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2022-07-11 06:45:26 +0000 app-emulation/xen: drop 4.15.2-r2 Bug: https://bugs.gentoo.org/850802 Signed-off-by: Florian Schmaus <flow@gentoo.org> app-emulation/xen/Manifest | 2 - app-emulation/xen/xen-4.15.2-r2.ebuild | 163 --------------------------------- 2 files changed, 165 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f1e2ba62ae09ecf6339b5fce65958bb07d50a38 commit 3f1e2ba62ae09ecf6339b5fce65958bb07d50a38 Author: Florian Schmaus <flow@gentoo.org> AuthorDate: 2022-07-11 06:47:21 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2022-07-11 06:47:21 +0000 app-emulation/xen-tools: drop 4.16.1 Bug: https://bugs.gentoo.org/850802 Signed-off-by: Florian Schmaus <flow@gentoo.org> app-emulation/xen-tools/Manifest | 1 - app-emulation/xen-tools/xen-tools-4.16.1.ebuild | 526 ------------------------ 2 files changed, 527 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6cf2e7926994172cfb0eb62caabc68b53eb945b7 commit 6cf2e7926994172cfb0eb62caabc68b53eb945b7 Author: Florian Schmaus <flow@gentoo.org> AuthorDate: 2022-07-11 06:47:04 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2022-07-11 06:47:04 +0000 app-emulation/xen: drop 4.16.1 Bug: https://bugs.gentoo.org/850802 Signed-off-by: Florian Schmaus <flow@gentoo.org> app-emulation/xen/Manifest | 1 - app-emulation/xen/xen-4.16.1.ebuild | 185 ------------------------------------ 2 files changed, 186 deletions(-)
GLSA request filed
GLSA done, all done.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=22bc39ed12fa34e39fcf5a2559a7f2135d98e1b1 commit 22bc39ed12fa34e39fcf5a2559a7f2135d98e1b1 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 14:28:39 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-14 14:33:57 +0000 [ GLSA 202208-23 ] Xen: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/810341 Bug: https://bugs.gentoo.org/812485 Bug: https://bugs.gentoo.org/816882 Bug: https://bugs.gentoo.org/825354 Bug: https://bugs.gentoo.org/832039 Bug: https://bugs.gentoo.org/835401 Bug: https://bugs.gentoo.org/850802 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202208-23.xml | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+)