-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 30 Nov 2025 16:57:07 +0100 Source: xen Architecture: source Version: 4.20.2+7-g1badcf5035-0+deb13u1 Distribution: trixie-security Urgency: medium Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org> Changed-By: Maximilian Engelhardt <maxi@daemonizer.de> Closes: 1105193 1120075 Changes: xen (4.20.2+7-g1badcf5035-0+deb13u1) trixie-security; urgency=medium . Significant changes: * Update to new upstream version 4.20.2+7-g1badcf5035, which also contains security fixes for the following issues: (Closes: #1105193) (Closes: #1120075) - x86: Indirect Target Selection XSA-469 CVE-2024-28956 - x86: Incorrect stubs exception handling for flags recovery XSA-470 CVE-2025-27465 - x86: Transitive Scheduler Attacks XSA-471 CVE-2024-36350 CVE-2024-36357 - Multiple vulnerabilities in the Viridian interface XSA-472 CVE-2025-27466 CVE-2025-58142 CVE-2025-58143 - Arm issues with page refcounting XSA-473 CVE-2025-58144 CVE-2025-58145 - x86: Incorrect input sanitisation in Viridian hypercalls XSA-475 CVE-2025-58147 CVE-2025-58148 - Incorrect removal of permissions on PCI device unplug XSA-476 CVE-2025-58149 * Note that the following XSA are not listed, because... - XSA-468 applies to Windows PV drivers - XSA-474 applies to XAPI which is not included in Debian . Packaging minor fixes and improvements: * debian/salsa-ci.yml: adjust for trixie and new salsa-ci pipeline Checksums-Sha1: 17554dec0ff099ceac4041ad7e001a29c09f543c 4047 xen_4.20.2+7-g1badcf5035-0+deb13u1.dsc 24bd3f07ebb7c56981501afc2375370c5d571222 4953752 xen_4.20.2+7-g1badcf5035.orig.tar.xz cfe93818e61d4abb4c3182bc191752437c3514dc 138828 xen_4.20.2+7-g1badcf5035-0+deb13u1.debian.tar.xz Checksums-Sha256: 09ef5bf1580062cd1062ca29bd552cb0211fd2ef0f43014dac5e08e2bd98fbb6 4047 xen_4.20.2+7-g1badcf5035-0+deb13u1.dsc 8476bb9e37fd8f7d7a0e465d43767697258120b1362575110a9c377aca026483 4953752 xen_4.20.2+7-g1badcf5035.orig.tar.xz 3c5800f5e0a4ff94eb0ced70d82b18cfc7cd3c6eaa2c5a27fc6cdfd1b514e5c5 138828 xen_4.20.2+7-g1badcf5035-0+deb13u1.debian.tar.xz Files: 49e94e2c83385560291daa245f0af047 4047 admin optional xen_4.20.2+7-g1badcf5035-0+deb13u1.dsc d6ff179cc60c91c5bd2fbf5f04b0012f 4953752 admin optional xen_4.20.2+7-g1badcf5035.orig.tar.xz 609b59eb39922a2f3a73119d5b0218ea 138828 admin optional xen_4.20.2+7-g1badcf5035-0+deb13u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmku1SIACgkQEMKTtsN8 TjYlCQ/7BGqomQ63yd8vBYyV8wtnYkjint6vMiAAvfLPiPmOmEVYI/Ffi/2nD90v n8OZ00Ezpd5lj3WfjTryNe1xrsI4prdCw79E9WrEFjJ9nrQ2n8AGtYyHd2dNg9Dh TdM/u8xqg8gipYbgbvMvnKghyhZaGdFNtu/qyjys9BwpETg2Gl4VI7FilzfC2ASW 2VqmtKfyvTH1BxUtW68CWs8pjso/VwQR3DKopcCp0caDK4J8fGdX45Kpi8hNMSP0 yqM/fbeY+N+rMSSVXFRli4MWvm5DapzOg2GIBenHhfQyjw5Y73DrCpMj3sfvMnBT BUC8VdlBNCamreOxtWH0n9KIKYU3MLgN8rJ9Pcg9M25ZRgSLXBlU5caCZhd4h8sS iNeujrtzvu1ZtP7eeK+u0BE7h0Fn/MUxwP6P9h2VsW7lEH+rL3v62xiYCIqWbW6i jEajrHgIghufppSnLCIf5Lc5O8z/V35tZonEUpSy25nxYOtfiy4h1Oz13R24nPtS +Xbminl5nbSpIlIBO1KHkzGnUFm+bXivZpnAP2Y0WVnURgAfnNeT7OtZoYMOlWcq ayyK/CpwGfwF7Y7RbzyrzDYs5aClnazIA5H8meDMo0YpsLLzgu1vZ4PNaikL931L Fm0w/caz6feF/l6mhwEhlxM1bm6LEFl+2Ur5H4VJ+74b4iUMNlI= =nChq -----END PGP SIGNATURE-----
