-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 17 May 2016 08:29:54 +1000
Source: xen
Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64 xen-hypervisor-4.1-i386 xen-system-i386
Architecture: source all i386
Version: 4.1.6.1-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>
Changed-By: Brian May <bam@debian.org>
Description:
libxen-4.1 - Public libs for Xen
libxen-dev - Public headers and libs for Xen
libxen-ocaml - OCaml libraries for controlling Xen
libxen-ocaml-dev - OCaml libraries for controlling Xen (devel package)
libxenstore3.0 - Xenstore communications library for Xen
xen-docs-4.1 - Documentation for Xen
xen-hypervisor-4.1-amd64 - Xen Hypervisor on AMD64
xen-hypervisor-4.1-i386 - Xen Hypervisor on i386
xen-system-amd64 - Xen System on AMD64 (meta-package)
xen-system-i386 - Xen System on i386 (meta-package)
xen-utils-4.1 - XEN administrative tools
xen-utils-common - Xen administrative tools - common files
xenstore-utils - Xenstore utilities for Xen
Changes:
xen (4.1.6.1-1+deb7u1) wheezy-security; urgency=high
.
[ Antoine Beaupré ]
* Switch to latest 4.1.6.1 release to remove bitrot on our side and
facilitate merging with the more up-to-date Ubuntu patchset
* Refresh patches to match upstream:
* upstream-23936:cdb34816a40a-rework
* upstream-23939:51288f69523f-rework
* Remove patches covered by 4.1.6.1 upstream release:
* CVE-2013-1918-*
* xsa55/* (CVE-2013-2194, CVE-2013-2195, CVE-2013-2196)
* CVE-2013-1952
* CVE-2013-2076
* CVE-2013-2077
* CVE-2013-2078
* CVE-2013-2072
* CVE-2013-2211
* CVE-2013-1432
* CVE-2013-4329 (XSA-61)
* Remove patches covered by 4.1.5 upstream release:
* CVE-2012-5634
* CVE-2013-0153-*
* CVE-2012-6075-*
* CVE-2013-1917
* CVE-2013-1919
* CVE-2013-1920
* CVE-2013-1964
* Other patches factored in upstream:
* .xz decompressor: upstream-23001\:9eb9948904cd upstream-23002:eb64b8f8eebb
* New security fixes by upstream 4.1.5:
* CVE-2013-0215 (XSA-38, initially NFU)
* Import the following patches from Ubuntu to fix pending CVEs - unless
otherwise noted in parenthesis, we were known vulnerable:
* CVE-2013-4370: xsa69.patch (not-affected?)
* CVE-2013-4416: xsa72.patch (NFU, Ocaml)
* CVE-2013-4554: xsa76.patch (not-affected?)
* CVE-2013-6885: xsa82.patch (Linux-only?)
* CVE-2014-1666: xsa87-4.1.patch (not-affected)
* CVE-2014-1891: xsa84-4.1.patch (NFU, XSM)
* CVE-2014-1892: xsa84-4.1.patch (NFU, XSM)
* CVE-2014-1893: xsa84-4.1.patch (NFU, XSM)
* CVE-2014-1894: xsa84-4.1.patch (NFU, XSM)
* CVE-2014-5149: xsa97-hap-4.1-prereq.patch (NFU: minor)
* CVE-2014-5149: xsa97-hap-4.2-prereq.patch (NFU: minor)
* CVE-2014-5149: xsa97-hap-4.2.patch (NFU: minor)
* CVE-2015-2152: xsa119-4.2.patch (NFU: xl, minor)
* CVE-2015-2752: xsa125-4.2.patch
* CVE-2015-2756: xsa126-qemut.patch
* CVE-2015-5154: xsa138-qemut-1.patch (not-affected?)
* CVE-2015-5154: xsa138-qemut-2.patch (not-affected?)
* CVE-2015-5165: xsa140-backport.patch (no-dsa)
* CVE-2015-5307: xsa156-4.2.patch
* CVE-2015-7504: xsa162-qemut.patch
* CVE-2015-7969: xsa149.patch
* CVE-2015-7969: xsa151.patch
* CVE-2015-7970: xsa150-4.1.patch (no-dsa)
* CVE-2015-7971: xsa152-4.5.patch
* CVE-2015-7972: xsa153-libxl-4.2.patch (no-dsa, xl)
* CVE-2015-8104: xsa156-4.2.patch
* CVE-2015-8339: xsa159.patch
* CVE-2015-8340: xsa159.patch
* CVE-2015-8550: xsa155-qemut-qdisk-double-access.patch
* CVE-2015-8550: xsa155-qemut-xenfb.patch
* CVE-2015-8550: xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch
* CVE-2015-8550: xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch
* CVE-2015-8554: xsa164.patch
* CVE-2015-8555: xsa165-4.1.patch
* CVE-2015-8615: xsa169.patch
* CVE-2016-1570: xsa167-4.4.patch
* CVE-2016-1571: xsa168.patch
* CVE-2016-2270: xsa154-4.1.patch
* CVE-2016-2271: xsa170-4.3.patch
.
[ Brian May ]
* Non-maintainer upload by the LTS Team.
Checksums-Sha1:
bb4af56fe34a12795fc3d9ac1747862a194a5b38 3063 xen_4.1.6.1-1+deb7u1.dsc
300261d9fc271ea7d9c25634efa2b73fbdf9a90e 3724988 xen_4.1.6.1.orig-qemu.tar.gz
e5f15feb0821578817a65ede16110c6eac01abd0 10428485 xen_4.1.6.1.orig.tar.gz
20ab363dcc273085fdc7827f2f0d34443252d7f0 202984 xen_4.1.6.1-1+deb7u1.debian.tar.gz
5fe8a9131b162292ebaaee14e73ef1607eb1aaae 1173528 xen-docs-4.1_4.1.6.1-1+deb7u1_all.deb
d6de328c6c668f11fcf9465dd10455b2b014e41f 82204 xen-utils-common_4.1.6.1-1+deb7u1_all.deb
1e48dcfa2b707bed2c5ce47dce240478eac16373 772976 xen-hypervisor-4.1-amd64_4.1.6.1-1+deb7u1_i386.deb
24491ca08d155082bc6af3fe16935139fe06d749 19688 xen-system-amd64_4.1.6.1-1+deb7u1_i386.deb
400c1e0ea5112ad9730fe3c3016b96a65dc6e388 656686 xen-hypervisor-4.1-i386_4.1.6.1-1+deb7u1_i386.deb
ae693189aac19f0d810ee0648836e85cf7cb8bba 19682 xen-system-i386_4.1.6.1-1+deb7u1_i386.deb
a35b25957d8b15610d4a5417f73889a1370b40b8 150232 libxen-4.1_4.1.6.1-1+deb7u1_i386.deb
d110effaa9a3916a42be9e6ac396d7c7f6095d23 291822 libxen-dev_4.1.6.1-1+deb7u1_i386.deb
5bef898024086382b0aff1980625f3a733be2248 31256 libxenstore3.0_4.1.6.1-1+deb7u1_i386.deb
868fecdc8c67db1b38df55b7d8580f1e98fcf204 1631236 xen-utils-4.1_4.1.6.1-1+deb7u1_i386.deb
18f28eee677ce9f7d5b932228eced1b9caa3c2f1 27610 xenstore-utils_4.1.6.1-1+deb7u1_i386.deb
876d3b57e5574d8ff9387f088636c29b4d8f2310 90268 libxen-ocaml-dev_4.1.6.1-1+deb7u1_i386.deb
4c8493f7af765a8449b792bfb47919f85ad2797b 65284 libxen-ocaml_4.1.6.1-1+deb7u1_i386.deb
Checksums-Sha256:
1f194ed9d91f997f2af43dd552105237f1d034e4c55959ee533324388cbbe957 3063 xen_4.1.6.1-1+deb7u1.dsc
7f9a408a97d97fcb29081ce24689a93cc2f43c29adbe14617d831586b5c0ef04 3724988 xen_4.1.6.1.orig-qemu.tar.gz
1563dbf48e2935dae5f49003dfa448847c88b90a27eae35dc1d26c990dfeb970 10428485 xen_4.1.6.1.orig.tar.gz
40e6796baecc3b2de894bc1d737ba58caa7651d266d231d8c40da4eaa470f29a 202984 xen_4.1.6.1-1+deb7u1.debian.tar.gz
2a0620d6e7c7d55b6b1d6455970073fbd9e56db6315cb40313d815aca78c4959 1173528 xen-docs-4.1_4.1.6.1-1+deb7u1_all.deb
b9531d845e29d2119343f8120319439e7b69b3b83abb79f5fc44a0389972178b 82204 xen-utils-common_4.1.6.1-1+deb7u1_all.deb
d79eada6b4de935cde8fc065464c2b119ad6720e895fbd4743346fbae9c1dd56 772976 xen-hypervisor-4.1-amd64_4.1.6.1-1+deb7u1_i386.deb
0e2ec5f47fefc81f612981f2b63beb2bd42a265bbb854c982e0e3726a71c23af 19688 xen-system-amd64_4.1.6.1-1+deb7u1_i386.deb
25ffeb8f7176091aaff8c39bc1947c8e76a64e983c959b1afa08361b7d6a4a24 656686 xen-hypervisor-4.1-i386_4.1.6.1-1+deb7u1_i386.deb
08143bf0b3abcac8700028e7456522ad6d758684688ff93e35fce6d7370418d9 19682 xen-system-i386_4.1.6.1-1+deb7u1_i386.deb
39739a210275d745a3603eb7df16bc7b6767f17cdcddb97d7f4a63a7d19db973 150232 libxen-4.1_4.1.6.1-1+deb7u1_i386.deb
6a38376aebe9084ea82800470f96e30dbea1a2a420129f50b1201a54c71877c0 291822 libxen-dev_4.1.6.1-1+deb7u1_i386.deb
935b9568ee8716a49f87059b03ae870a7b9cdc55ed2832b16a22f40de6a7e060 31256 libxenstore3.0_4.1.6.1-1+deb7u1_i386.deb
c2ec153a464d0e95a65dd64b58f69cea26b2665d245838713d0c47949ecce05a 1631236 xen-utils-4.1_4.1.6.1-1+deb7u1_i386.deb
bc4b676f5762247c6c77ffc97fa650f35f567c9ae81b2b54b6cabf6acbab4dff 27610 xenstore-utils_4.1.6.1-1+deb7u1_i386.deb
d03c70af2f12e206beccddc930b06da6d68b8b431b8379e73b63f677c7281e23 90268 libxen-ocaml-dev_4.1.6.1-1+deb7u1_i386.deb
990228a392094109224a7ce74cc1becfa536898888d700cf196bc59f206bdaf5 65284 libxen-ocaml_4.1.6.1-1+deb7u1_i386.deb
Files:
e726d65defc0353735c8a84ebad558e9 3063 kernel optional xen_4.1.6.1-1+deb7u1.dsc
44da6ff14b6d237e5436cc78c837539a 3724988 kernel optional xen_4.1.6.1.orig-qemu.tar.gz
c628547e306b2ae913a9ce9bf57cc746 10428485 kernel optional xen_4.1.6.1.orig.tar.gz
da51c04885bcdfffcc02c39191712438 202984 kernel optional xen_4.1.6.1-1+deb7u1.debian.tar.gz
ca8b2c8b2950780dbfb19e8fd5cb25bb 1173528 doc optional xen-docs-4.1_4.1.6.1-1+deb7u1_all.deb
2892dcaf043a3079557530cd19fee94c 82204 kernel optional xen-utils-common_4.1.6.1-1+deb7u1_all.deb
ab241d6f5ab8bbbef0d666121f5b7af2 772976 kernel optional xen-hypervisor-4.1-amd64_4.1.6.1-1+deb7u1_i386.deb
ff0c8c53ac4f722372cd6879030a6c91 19688 kernel optional xen-system-amd64_4.1.6.1-1+deb7u1_i386.deb
d48aa598d9bd2c9bad4f625b9b2be6b7 656686 kernel optional xen-hypervisor-4.1-i386_4.1.6.1-1+deb7u1_i386.deb
8d9ebd365cf5667e8b4bd77f5e7b3f7d 19682 kernel optional xen-system-i386_4.1.6.1-1+deb7u1_i386.deb
dd4a576559bbcda09501575192864ef8 150232 libs optional libxen-4.1_4.1.6.1-1+deb7u1_i386.deb
092c3cd4e9030fdc66a1a162341d9e2e 291822 libdevel optional libxen-dev_4.1.6.1-1+deb7u1_i386.deb
e724a67d0f449d4e9ed287e5ae07231c 31256 libs optional libxenstore3.0_4.1.6.1-1+deb7u1_i386.deb
1e9020d321b50b5764826a9247166624 1631236 kernel optional xen-utils-4.1_4.1.6.1-1+deb7u1_i386.deb
26da71ac1c5a9c06f97dc6be4703ccff 27610 admin optional xenstore-utils_4.1.6.1-1+deb7u1_i386.deb
a873deefdf7a95b18b220eb1e71fb783 90268 ocaml optional libxen-ocaml-dev_4.1.6.1-1+deb7u1_i386.deb
51bbca8f730add648b20be533ca50eb4 65284 ocaml optional libxen-ocaml_4.1.6.1-1+deb7u1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJXOk5LAAoJEBeEV3+BH26sMoMQAIEDqJ7oidAx++zVQo7QR/A9
xQwBDUui5ktusI6cyfVD6qps1Mael7rrKcL58Q+3LRxy/sQMRUsFBtsd+Cc6qpoU
EXpKQjWRY8Tcg0PPN7JLtRt9p/Dt5sSsEXqUwPOJ569XynFgpOO9zKchX1s1hMZJ
m8USZCoTzbhQvGFxOxJ5mn6MdhCOIf7FZr3fiNsnzKB4vHJyhi9pGerfunsYtP4x
pOgEQoqv1C6ifcvrmIWkXUyF0XrfLePTBd1RhhMq0qdniOOSrgQnRbA6JyKt2dkm
VFAZDoK66iKj5gQY/+XkDu9C5FFg9fMko1X71EFCkBQmh17Y2K9E6sN6ndvOVFnU
L50MrorgJ8F0u4AX9WYFV+lmpS/VtHVloI0WrK0mG6VQA0YCYTh3wzdyMcuXXZbz
zR94CwnpFC0Ob7HWiw2twbJPMzdTisZdEyTBFRV25lHqngbcar7ughOcn5HOAnF8
izMimeb0qxe7WyZMxr+tzpQfJCFnkVQhFr3TA/cyAuyFQ1UHv6mHzgp7P40j1FZm
lJxwIj6W+pqAP2uFd9LKC3ZlLrMHGoJezsDFquhCyHijQNUheTvKi7VzIyk8F31a
ecn+I6SyOzZkzrLN2sGol/U/fp105E1sU/epz2ET1CRmIjppej28Pt4ELFIkBtHk
u1Sdu+OpKTwG5+vF3mDj
=sPop
-----END PGP SIGNATURE-----
