Debian Package Tracker

general

source: xen (main)
version: 4.11.1+92-g6c33308a8d-2
maintainer: Debian Xen Team (archive) [DMD]
uploaders: Guido Trotter [DMD] – Ian Jackson [DMD] – Bastian Blank [DMD]
arch: all amd64 arm64 armhf i386
std-ver: 3.9.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 4.4.1-9+deb8u10
old-sec: 4.4.4lts4-0+deb8u1
stable: 4.8.5+shim4.10.2+xsa282-1+deb9u11
stable-sec: 4.8.5+shim4.10.2+xsa282-1+deb9u11
testing: 4.11.1+26-g87f51bf366-3
unstable: 4.11.1+92-g6c33308a8d-2

versioned links

4.4.1-9+deb8u10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.4.4lts4-0+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.5+shim4.10.2+xsa282-1+deb9u11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.11.1+26-g87f51bf366-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.11.1+92-g6c33308a8d-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libxen-dev
libxencall1
libxendevicemodel1
libxenevtchn1
libxenforeignmemory1
libxengnttab1
libxenmisc4.11
libxenstore3.0
libxentoolcore1
libxentoollog1
xen-doc
xen-hypervisor-4.11-amd64 (3 bugs: 0, 3, 0, 0)
xen-hypervisor-4.11-arm64
xen-hypervisor-4.11-armhf
xen-hypervisor-common
xen-system-amd64 (1 bugs: 0, 0, 1, 0)
xen-system-arm64
xen-system-armhf
xen-utils-4.11
xen-utils-common (5 bugs: 0, 3, 2, 0)
xenstore-utils

action needed

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 3.9.4).

Created: 2014-08-10 Last update: 2019-06-24 19:44

13 security issues in buster high

There are 13 open security issues in buster.

13 important issues:

TEMP-0929993-839329:
TEMP-0929995-4F975A:
CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
TEMP-0929992-A28E7B:
TEMP-0929991-F97A6B:
TEMP-0929996-4E12B0:
CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
TEMP-0929998-341CE5:
CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
TEMP-0929999-332628:
TEMP-0929994-6BCADF:
CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
TEMP-0930001-09CDD1:

Please fix them.

Created: 2019-03-05 Last update: 2019-06-24 19:31

13 security issues in stretch high

There are 13 open security issues in stretch.

13 important issues:

TEMP-0929993-839329:
TEMP-0929995-4F975A:
CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
TEMP-0929992-A28E7B:
TEMP-0929991-F97A6B:
TEMP-0929996-4E12B0:
CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
TEMP-0929998-341CE5:
CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
TEMP-0929999-332628:
TEMP-0929994-6BCADF:
CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
TEMP-0930001-09CDD1:

Please fix them.

Created: 2019-03-05 Last update: 2019-06-24 19:31

26 security issues in jessie high

There are 26 open security issues in jessie.

21 important issues:

TEMP-0929993-839329:
CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
TEMP-0929995-4F975A:
CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-19966: An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595.
TEMP-0929992-A28E7B:
CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-3620: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
TEMP-0929996-4E12B0:
CVE-2018-19965: An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.
CVE-2018-19961: An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
CVE-2018-19962: An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
TEMP-0929991-F97A6B:
TEMP-0929998-341CE5:
CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
TEMP-0929999-332628:
TEMP-0929994-6BCADF:
CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
TEMP-0930001-09CDD1:

5 issues skipped by the security teams:

CVE-2016-9816: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
CVE-2016-9817: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
CVE-2016-9815: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
CVE-2016-9818: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
CVE-2017-10919: Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223.

Please fix them.

Created: 2015-07-12 Last update: 2019-06-24 19:31

lintian reports 6 errors and 55 warnings high

Lintian reports 6 errors and 55 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-04-12 Last update: 2019-04-12 07:50

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-06-25 14:12

Depends on packages which need a new maintainer normal

The packages that xen depends on which need a new maintainer are:

dh-exec (#851746)
- Build-Depends: dh-exec
lsb (#924519)
- Build-Depends: lsb-release
- Depends: lsb-base
markdown (#466330)
- Build-Depends: markdown

Created: 2018-10-15 Last update: 2019-06-25 12:49

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2016-04-06 Last update: 2019-06-25 09:34

Multiarch hinter reports 2 issue(s) normal

There are issues with the multiarch metadata for this package.

xen-hypervisor-common could be marked Multi-Arch: foreign
libxen-dev could be marked Multi-Arch: same

Created: 2018-10-11 Last update: 2019-06-25 09:09

Build log checks report 3 warnings low

Build log checks report 3 warnings

Created: 2019-06-20 Last update: 2019-06-20 02:01

testing migrations

excuses:
- Too young, only 1 of 2 days old
- Updating xen fixes old bugs: #929129
- Piuparts tested OK - https://piuparts.debian.org/sid/source/x/xen.html
- Ignoring block request by freeze, due to unblock request by ivodd
- Not considered

news

[rss feed]

[2019-06-24] Accepted xen 4.11.1+92-g6c33308a8d-2 (all amd64 source) into unstable (Hans van Kranenburg) (signed by: Ian Jackson)
[2019-06-19] Accepted xen 4.11.1+92-g6c33308a8d-1 (all amd64 source) into unstable (Hans van Kranenburg) (signed by: Ian Jackson)
[2019-03-11] xen 4.11.1+26-g87f51bf366-3 MIGRATED to testing (Debian testing watch)
[2019-02-28] Accepted xen 4.11.1+26-g87f51bf366-3 (all amd64 source) into unstable (Ian Jackson)
[2019-02-22] Accepted xen 4.11.1+26-g87f51bf366-2 (all amd64 source) into unstable (Ian Jackson)
[2019-01-29] Accepted xen 4.8.5+shim4.10.2+xsa282-1+deb9u11 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2019-01-16] xen 4.11.1-1 MIGRATED to testing (Debian testing watch)
[2019-01-14] Accepted xen 4.8.5+shim4.10.2+xsa282-1+deb9u11 (all amd64 source) into stable->embargoed, stable (Ian Jackson)
[2019-01-10] Accepted xen 4.11.1-1 (all amd64 source) into unstable (Hans van Kranenburg) (signed by: Ian Jackson)
[2018-11-12] Accepted xen 4.4.4lts4-0+deb8u1 (source all amd64) into oldstable (Felix Geyer)
[2018-10-29] Accepted xen 4.4.4lts3-0+deb8u1 (source all amd64) into oldstable (Felix Geyer)
[2018-10-24] xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-5 MIGRATED to testing (Debian testing watch)
[2018-10-18] Accepted xen 4.4.4lts2-0+deb8u1 (source all amd64) into oldstable (Felix Geyer)
[2018-10-15] Accepted xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-5 (source) into unstable (Ian Jackson)
[2018-10-15] Accepted xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-4 (source) into unstable (Ian Jackson)
[2018-10-12] Accepted xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-3 (source) into unstable (Ian Jackson)
[2018-10-11] Accepted xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 (all amd64 source) into unstable, unstable (Ian Jackson)
[2018-09-12] Accepted xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 (amd64 source) into experimental, experimental (Hans van Kranenburg) (signed by: Ian Jackson)
[2018-09-05] Accepted xen 4.4.4lts1-0+deb8u1 (source all) into oldstable (Bastian Blank)
[2018-08-17] Accepted xen 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Wolodja Wentland) (signed by: Ian Jackson)
[2018-08-16] Accepted xen 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10 (all amd64 source) into stable->embargoed, stable (Wolodja Wentland) (signed by: Ian Jackson)
[2018-07-16] xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 MIGRATED to testing (Debian testing watch)
[2018-07-01] Accepted xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2018-06-27] Accepted xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 (all amd64 source) into stable->embargoed, stable (Ian Jackson)
[2018-06-24] Accepted xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2018-06-20] Accepted xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8 (all amd64 source) into stable->embargoed, stable (Ian Jackson)
[2018-05-28] Accepted xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2018-05-28] Accepted xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2018-05-25] Accepted xen 4.1.6.lts1-14 (source all amd64) into oldoldstable (Felix Geyer)
[2018-05-25] Accepted xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7 (all amd64 source) into stable->embargoed, stable (Ian Jackson)

bugs [bug history graph]

all: 31 34
RC: 0
I&N: 21 24
M&W: 8
F&P: 2
patch: 2

links

homepage
lintian (6, 55)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.9.2-0ubuntu2
59 bugs (11 patches)
patches for 4.9.2-0ubuntu2