Bug#1056928: marked as done (xen: CVE-2023-46835 CVE-2023-46836)

Debian Bug Tracking System Wed, 29 Nov 2023 14:27:24 -0800

Your message dated Wed, 29 Nov 2023 22:24:44 +0000
with message-id <[email protected]>
and subject line Bug#1056928: fixed in xen 4.17.2+76-ge1f9cb16e2-1
has caused the Debian Bug report #1056928,
regarding xen: CVE-2023-46835 CVE-2023-46836
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1056928: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056928
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: xen
Version: 4.17.2+55-g0b56bed864-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for xen.

CVE-2023-46835[0]:
| x86/AMD: mismatch in IOMMU quarantine page table levels


CVE-2023-46836[1]:
| x86: BTC/SRSO fixes not fully effective


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-46835
    https://www.cve.org/CVERecord?id=CVE-2023-46835
    https://xenbits.xen.org/xsa/advisory-445.html
[1] https://security-tracker.debian.org/tracker/CVE-2023-46836
    https://www.cve.org/CVERecord?id=CVE-2023-46836
    https://xenbits.xen.org/xsa/advisory-446.html

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: xen
Source-Version: 4.17.2+76-ge1f9cb16e2-1
Done: Maximilian Engelhardt <[email protected]>

We believe that the bug you reported is fixed in the latest version of
xen, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Maximilian Engelhardt <[email protected]> (supplier of updated xen package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Nov 2023 20:17:30 +0100
Source: xen
Architecture: source
Version: 4.17.2+76-ge1f9cb16e2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Xen Team <[email protected]>
Changed-By: Maximilian Engelhardt <[email protected]>
Closes: 1056928
Changes:
 xen (4.17.2+76-ge1f9cb16e2-1) unstable; urgency=medium
 .
   * Update to new upstream version 4.17.2-76-ge1f9cb16e2, which also contains
     security fixes for the following issues: (Closes: #1056928)
     - x86/AMD: mismatch in IOMMU quarantine page table levels
       XSA-445 CVE-2023-46835
     - x86: BTC/SRSO fixes not fully effective
       XSA-446 CVE-2023-46836
Checksums-Sha1:
 d42fd71ba0539807f19a2fb665cb248ae0644973 4482 xen_4.17.2+76-ge1f9cb16e2-1.dsc
 39d8da9f32a53863b81d0c2f8e2ebcd9ad8da483 4669552 
xen_4.17.2+76-ge1f9cb16e2.orig.tar.xz
 f9969f19ea289481036f7e0c7e4342fd7fe219ff 137256 
xen_4.17.2+76-ge1f9cb16e2-1.debian.tar.xz
Checksums-Sha256:
 75909b5f01a7d8951ee8f3f59674313c19736739ab64e486609d34031452c55a 4482 
xen_4.17.2+76-ge1f9cb16e2-1.dsc
 b1013f8a1aee64777be05a1c5468b32e1ab8766cac94dfc6be73d9e54d7de39c 4669552 
xen_4.17.2+76-ge1f9cb16e2.orig.tar.xz
 56e1e37f4dd93048a4f0cc223be115c05ebd53427f8963002ab37a0a402811f0 137256 
xen_4.17.2+76-ge1f9cb16e2-1.debian.tar.xz
Files:
 6dc5a903fe404569391025733b2fb0a3 4482 admin optional 
xen_4.17.2+76-ge1f9cb16e2-1.dsc
 e9d27eaf79bcfb05e5cebd07a112ffe5 4669552 admin optional 
xen_4.17.2+76-ge1f9cb16e2.orig.tar.xz
 6f9a7a110fb1e64df7dd207ca8c19d16 137256 admin optional 
xen_4.17.2+76-ge1f9cb16e2-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEESWyddwNaG9637koYssHfcmNhX2wFAmVns0IACgkQssHfcmNh
X2wpKw//anm425JpdCdu/7pywD1WBeN3Uca3++qteCKhAbheNpMBsn0f5exvoTKn
zmaRTXUprxphQk4ZyC3/836/PB8HUZWCxDkNC/bahRodVw2ci2jQhn2Hfu+Ear1/
BkIa7oYtD506ujfLcKve8rWjEsnNz0IKvRLxbkpXFy4wOMjeRqvyVzskTUwdJaId
q8iEKOHSjUdfTb42JtdikoeVPvj+PWibHb1ktKj9c8Q+O6mvCQe3YUO6S4aI2UQ/
7cmg6snJpr6Xc31gZkAXHAoQkfa9BO2OlgTy9igb0EVClBhHTc2pCRAtxyOj/04s
lHy1TGtsXDnUB/XqzWYirLM5iJd+8kTzT5k3SsWuggqsPCQv5mzZP5rXlIB1epKQ
e3QIwixBLyCuIczNJjryYB7xte79kihmHgYTynzdrDoK+5vNfT/fl3YbKmKXb0xP
xlief269waTZiS84rOyy4CBa9cH8BUvQXaLdgyXM1rFiBMG4JT6Sqj4R1ZplFpHc
UPEWzTmP/QwovnWnCFrRLVhSf6fDo8qIjCJrhuQuCsHSSWsABKvV+str++rsn0JA
gxAitTJ65ysLGwm7GKuQyfxPCbT82PjOVntbErSgw6tKbK+eADCdeGIPYDJ5AeE6
oq6t273J56lloATW1VKQ013GVQ2ZLAesA2JE58syzN9mtDLcZLM=
=RQ3c
-----END PGP SIGNATURE-----

--- End Message ---

Bug#1056928: marked as done (xen: CVE-2023-46835 CVE-2023-46836)

Reply via email to