-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 Dec 2023 17:58:08 +0100
Source: xen
Architecture: source
Version: 4.17.2+76-ge1f9cb16e2-1~deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
Changed-By: Maximilian Engelhardt <maxi@daemonizer.de>
Closes: 1042102 1056928
Changes:
 xen (4.17.2+76-ge1f9cb16e2-1~deb12u1) bookworm; urgency=medium
 .
   * Rebuild for bookworm to address the security issues since
     4.17.1+2-gb773c48e36-1 listed below.
   * d/salsa-ci.yml: Set RELEASE variable to bookworm
 .
 xen (4.17.2+76-ge1f9cb16e2-1) unstable; urgency=medium
 .
   * Update to new upstream version 4.17.2-76-ge1f9cb16e2, which also contains
     security fixes for the following issues: (Closes: #1056928)
     - x86/AMD: mismatch in IOMMU quarantine page table levels
       XSA-445 CVE-2023-46835
     - x86: BTC/SRSO fixes not fully effective
       XSA-446 CVE-2023-46836
 .
 xen (4.17.2+55-g0b56bed864-1) unstable; urgency=medium
 .
   * Update to new upstream version 4.17.2+55-g0b56bed864, which also contains
     security fixes for the following issues:
     - arm32: The cache may not be properly cleaned/invalidated
       XSA-437 CVE-2023-34321
     - top-level shadow reference dropped too early for 64-bit PV guests
       XSA-438 CVE-2023-34322
     - x86/AMD: Divide speculative information leak
       XSA-439 CVE-2023-20588
     - xenstored: A transaction conflict can crash C Xenstored
       XSA-440 CVE-2023-34323
     - x86/AMD: missing IOMMU TLB flushing
       XSA-442 CVE-2023-34326
     - Multiple vulnerabilities in libfsimage disk handling
       XSA-443 CVE-2023-34325
     - x86/AMD: Debug Mask handling
       XSA-444 CVE-2023-34327 CVE-2023-34328
   * Note that the following XSA are not listed, because...
     - XSA-441 has patches for the Linux kernel.
 .
 xen (4.17.2-1) unstable; urgency=medium
 .
   * Update to new upstream version 4.17.2, which also contains
     security fixes for the following issues: (Closes: #1042102)
     - x86/AMD: Zenbleed
       XSA-433 CVE-2023-20593
     - x86/AMD: Speculative Return Stack Overflow
       XSA-434 CVE-2023-20569
     - x86/Intel: Gather Data Sampling
       XSA-435 CVE-2022-40982
     - arm: Guests can trigger a deadlock on Cortex-A77
       XSA-436 CVE-2023-34320
   * Note that the following XSA are not listed, because...
     - XSA-432 has patches for the Linux kernel.
Checksums-Sha1:
 d61e2bbfa98c38898a091711e48cffbe2fbdb467 4522 xen_4.17.2+76-ge1f9cb16e2-1~deb12u1.dsc
 fa5d46e9a5a506de7de24ee592f2e6c92221fa3b 136800 xen_4.17.2+76-ge1f9cb16e2-1~deb12u1.debian.tar.xz
Checksums-Sha256:
 da5ad079ffc53f0d87f701dece3cdf936c3fa8f3dfcd03a7b031bc5e7fe3b1ce 4522 xen_4.17.2+76-ge1f9cb16e2-1~deb12u1.dsc
 30d06e10eb6ad4b2758f02968db1d741669be6bc23b5cbaf828c075ec6a46445 136800 xen_4.17.2+76-ge1f9cb16e2-1~deb12u1.debian.tar.xz
Files:
 8bc5dc13ab2b089af17ccad33a08b8f5 4522 admin optional xen_4.17.2+76-ge1f9cb16e2-1~deb12u1.dsc
 c056b8eb8fcfb43d2fb5609b8e2064d4 136800 admin optional xen_4.17.2+76-ge1f9cb16e2-1~deb12u1.debian.tar.xz