[Git][security-tracker-team/security-tracker][master] xen DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: f2bcd41f by Moritz Mühlenhoff at 2023-03-24T20:26:20+01:00 xen DSA - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -93432,7 +93432,6 @@ CVE-2022-23825 (Aliases in the branch predictor may cause some AMD processors to NOTE: https://www.amd.com/system/files/documents/technical-guidance-for-mitigating-branch-type-confusion.pdf CVE-2022-23824 (IBPB may not prevent return branch predictions from being specified by ...) - xen 4.16.2+90-g0d39a6d1ae-1 - [bullseye] - xen (Fix along in next DSA) [buster] - xen (DSA 4677-1) NOTE: https://xenbits.xen.org/xsa/advisory-422.html NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040 = data/DSA/list = @@ -1,3 +1,6 @@ +[24 Mar 2023] DSA-5378-1 xen - security update + {CVE-2022-23824 CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334} + [bullseye] - xen 4.14.5+94-ge49571868d-1 [23 Mar 2023] DSA-5377-1 chromium - security update {CVE-2023-1528 CVE-2023-1529 CVE-2023-1530 CVE-2023-1531 CVE-2023-1532 CVE-2023-1533 CVE-2023-1534} [bullseye] - chromium 111.0.5563.110-1~deb11u1 = data/dsa-needed.txt = @@ -61,8 +61,6 @@ samba sofia-sip Maintainer proposed debdiff for review with additional question and sent a followup -- -xen --- xrdp needs some additional clarification, tentatively DSA worthy maybe upgrade to 0.9.21 within bullseye? View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2bcd41ffcdc985b2e40a8f57a5a000aa4ae3154 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2bcd41ffcdc985b2e40a8f57a5a000aa4ae3154 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] xen DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: c257023f by Moritz Mühlenhoff at 2021-12-05T12:32:32+01:00 xen DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[05 Dec 2021] DSA-5017-1 xen - security update + {CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709} + [bullseye] - xen 4.14.3+32-g9de3671772-1~deb11u1 [01 Dec 2021] DSA-5016-1 nss - security update {CVE-2021-43527} [buster] - nss 2:3.42.1-1+deb10u4 = data/dsa-needed.txt = @@ -62,7 +62,3 @@ varnish -- wireshark -- -xen - Maintainer proposed an update, but might be very well as well an option via point release - given the timeline and the kernel upgrade pending. --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c257023f5caefc043fabd67de9ec9a156c68f1c2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c257023f5caefc043fabd67de9ec9a156c68f1c2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] xen DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 84abb234 by Moritz Mühlenhoff at 2021-09-20T21:00:51+02:00 xen DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[20 Sep 2021] DSA-4977-1 xen - security update + {CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVE-2021-28701} + [bullseye] - xen 4.14.3-1~deb11u1 [20 Sep 2021] DSA-4976-1 wpewebkit - security update {CVE-2021-30858} [bullseye] - wpewebkit 2.32.4-1~deb11u1 = data/dsa-needed.txt = @@ -51,5 +51,3 @@ varnish wordpress (seb) 2021-09-13: Craig Small prepared an upload for bullseye -- -xen (jmm) --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84abb234ce66a318f812ea9affd925b1453123b6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84abb234ce66a318f812ea9affd925b1453123b6 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] xen DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: cbd560ad by Moritz Mühlenhoff at 2021-06-15T22:50:15+02:00 xen DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[15 Jun 2021] DSA-4931-1 xen - security update + {CVE-2021-0089 CVE-2021-26313 CVE-2021-28690 CVE-2021-28692} + [buster] - xen 4.11.4+107-gef32c7afa2-1 [10 Jun 2021] DSA-4930-1 libwebp - security update {CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332} [buster] - libwebp 0.6.1-2+deb10u1 = data/dsa-needed.txt = @@ -37,5 +37,3 @@ runc -- salt -- -xen (jmm) --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbd560ad922817219b42cd574591dab88e62b4c3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbd560ad922817219b42cd574591dab88e62b4c3 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] xen DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b97c505b by Moritz Mühlenhoff at 2020-12-15T13:48:09+01:00 xen DSA - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[15 Dec 2020] DSA-4812-1 xen - security update + {CVE-2020-29479 CVE-2020-29480 CVE-2020-29481 CVE-2020-29482 CVE-2020-29483 CVE-2020-29484 CVE-2020-29485 CVE-2020-29486 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571} + [buster] - xen 4.11.4+57-g41a822c392-2 [15 Dec 2020] DSA-4811-1 libxstream-java - security update {CVE-2020-26217} [buster] - libxstream-java 1.4.11.1-1+deb10u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b97c505b90d413f78c7dcf198d508b6e770e00ec -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b97c505b90d413f78c7dcf198d508b6e770e00ec You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] xen DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d35dcede by Moritz Muehlenhoff at 2020-10-02T19:13:24+02:00 xen DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = @@ -1,3 +1,6 @@ +[02 Oct 2020] DSA-4769-1 xen - security update + {CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604} + [buster] - xen 4.11.4+37-g3263f257ca-1 [28 Sep 2020] DSA-4768-1 firefox-esr - security update {CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678} [buster] - firefox-esr 78.3.0esr-1~deb10u1 = data/dsa-needed.txt = @@ -35,5 +35,3 @@ thunderbird (jmm) xcftools Hugo proposed to work on this update -- -xen (jmm) --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d35dcede6e3fa820be995448e894e5e55193cb56 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d35dcede6e3fa820be995448e894e5e55193cb56 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] xen DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9df07e2a by Moritz Muehlenhoff at 2020-01-13T23:10:10+01:00 xen DSA - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = @@ -40778,6 +40778,7 @@ CVE-2019-11135 (TSX Asynchronous Abort condition on some CPUs utilizing speculat - linux 5.3.9-2 - intel-microcode 3.20191112.1 - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944) + [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort NOTE: https://xenbits.xen.org/xsa/advisory-305.html NOTE: The 3.20191112.1 release for intel-microcode did contain most updates, additional @@ -40873,6 +40874,7 @@ CVE-2019-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Unc - intel-microcode 3.20190514.1 - linux 4.19.37-2 - xen 4.11.1+92-g6c33308a8d-1 (bug #929129) + [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 [jessie] - xen (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5 NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling @@ -46124,37 +46126,46 @@ CVE-2019-17349 (An issue was discovered in Xen through 4.12.x allowing Arm domU NOTE: https://xenbits.xen.org/xsa/advisory-295.html CVE-2019-17348 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929992) + [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 [jessie] - xen (PCID support not backported) NOTE: https://xenbits.xen.org/xsa/advisory-294.html CVE-2019-17347 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #92) + [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 NOTE: https://xenbits.xen.org/xsa/advisory-293.html CVE-2019-17346 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929993) + [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 [jessie] - xen (PCID support not backported) NOTE: https://xenbits.xen.org/xsa/advisory-292.html CVE-2019-17345 (An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV gu ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929995) + [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 [jessie] - xen (only 4.8 and later affected) NOTE: https://xenbits.xen.org/xsa/advisory-291.html CVE-2019-17344 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929996) + [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 [jessie] - xen (Introduced by ignored fix for CVE-2018-3646) NOTE: https://xenbits.xen.org/xsa/advisory-290.html CVE-2019-17343 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) {DLA-1949-1} - xen 4.11.1+92-g6c33308a8d-1 (bug #929994) + [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 NOTE: https://xenbits.xen.org/xsa/advisory-288.html CVE-2019-17342 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) {DLA-1949-1} - xen 4.11.1+92-g6c33308a8d-1 (bug #930001) + [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 NOTE: https://xenbits.xen.org/xsa/advisory-287.html CVE-2019-17341 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) {DLA-1949-1} - xen 4.11.1+92-g6c33308a8d-1 (bug #929998) + [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 NOTE: https://xenbits.xen.org/xsa/advisory-285.html CVE-2019-17340 (An issue was discovered in Xen through 4.11.x allowing x86 guest OS us ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929991) + [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 [jessie] - xen (memory leak on huge memory machines) NOTE: https://xenbits.xen.org/xsa/advisory-284.html CVE-2019-9576 (The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admi ...) @@ -91629,6 +91640,7 @@ CVE-2018-12207 (Improper invalidation for page table updates by a virtual guest - linux 5.3.9-2 [jessie] - linux (Untrusted guests are no longer supportable) - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944) + [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-machine-check-error-avoidance-page-size-change-0 NOTE:
[Git][security-tracker-team/security-tracker][master] xen DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: d7569c9a by Moritz Muehlenhoff at 2018-06-27T23:17:30+02:00 xen DSA - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,6 @@ +[27 Jun 2018] DSA-4236-1 xen - security update + {CVE-2018-12891 CVE-2018-12892 CVE-2018-12893} + [stretch] - xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 [27 Jun 2018] DSA-4235-1 firefox-esr - security update {CVE-2018-5156 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366} [stretch] - firefox-esr 52.9.0esr-1~deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d7569c9aea0195f76cc2e68956f7ca7ee5629901 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d7569c9aea0195f76cc2e68956f7ca7ee5629901 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] xen DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 83300c9f by Moritz Muehlenhoff at 2018-06-20T08:57:50+02:00 xen DSA - - - - - 1 changed file: - data/DSA/list Changes: = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,6 @@ +[20 Jun 2018] DSA-4232-1 xen - security update + {CVE-2018-3665} + [stretch] - xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8 [17 Jun 2018] DSA-4231-1 libgcrypt20 - security update {CVE-2018-0495} [stretch] - libgcrypt20 1.7.6-2+deb9u3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/83300c9f96ef7742ddbda7d55e49e4dc92445bfd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/83300c9f96ef7742ddbda7d55e49e4dc92445bfd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] xen DSA
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 24421d64 by Moritz Muehlenhoff at 2018-05-15T21:58:06+02:00 xen DSA - - - - - 2 changed files: - data/DSA/list - data/dsa-needed.txt Changes: = data/DSA/list = --- a/data/DSA/list +++ b/data/DSA/list @@ -1,3 +1,6 @@ +[15 May 2018] DSA-4201-1 xen - security update + {CVE-2018-8897 CVE-2018-10471 CVE-2018-10472 CVE-2018-10981 CVE-2018-10982} + [stretch] - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u6 [14 May 2018] DSA-4200-1 kwallet-pam - security update {CVE-2018-10380} [stretch] - kwallet-pam 5.8.4-1+deb9u2 = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -88,7 +88,5 @@ vlc (jmm) -- wavpack (jmm) -- -xen --- zendframework/oldstable -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/24421d64f881ea3e0a2e2421f62d3aeff51b049e --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/24421d64f881ea3e0a2e2421f62d3aeff51b049e You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits