xen - Debian Package Tracker

general

source: xen (main)
version: 4.16.2+90-g0d39a6d1ae-1
maintainer: Debian Xen Team (archive) (DMD)
uploaders: Ian Jackson [DMD] – Hans van Kranenburg [DMD] [DM]
arch: amd64 arm64 armhf
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.8.5.final+shim4.10.4-1+deb9u12
o-o-sec: 4.8.5.final+shim4.10.4-1+deb9u12
oldstable: 4.11.4+107-gef32c7afa2-1
old-sec: 4.11.4+107-gef32c7afa2-1
stable: 4.14.5+24-g87d90d511c-1
stable-sec: 4.14.5+86-g1c354767d5-1
stable-p-u: 4.14.5+86-g1c354767d5-1
testing: 4.16.2+90-g0d39a6d1ae-1
unstable: 4.16.2+90-g0d39a6d1ae-1

versioned links

4.8.5.final+shim4.10.4-1+deb9u12: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.11.4+107-gef32c7afa2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.14.5+24-g87d90d511c-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.14.5+86-g1c354767d5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.16.2+90-g0d39a6d1ae-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libxen-dev
libxencall1
libxendevicemodel1
libxenevtchn1
libxenforeignmemory1
libxengnttab1
libxenhypfs1
libxenmisc4.16
libxenstore4
libxentoolcore1
libxentoollog1
xen-doc
xen-hypervisor-4.16-amd64
xen-hypervisor-4.16-arm64
xen-hypervisor-4.16-armhf
xen-hypervisor-common (1 bugs: 0, 1, 0, 0)
xen-system-amd64
xen-system-arm64
xen-system-armhf
xen-utils-4.16
xen-utils-common
xenstore-utils

action needed

5 security issues in bullseye high

There are 5 open security issues in bullseye.

1 important issue:

CVE-2022-23824: IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.

4 ignored issues:

CVE-2022-26365: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
CVE-2022-33740: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
CVE-2022-33741: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
CVE-2022-33742: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Created: 2022-07-04 Last update: 2022-11-23 23:38

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2022-07-27 Last update: 2022-11-27 11:05

Depends on packages which need a new maintainer normal

The packages that xen depends on which need a new maintainer are:

markdown (#466330)
- Build-Depends: markdown

Created: 2019-11-22 Last update: 2022-11-27 10:06

Multiarch hinter reports 2 issue(s) normal

There are issues with the multiarch metadata for this package.

xen-doc could be converted to Architecture: all and marked Multi-Arch: foreign
libxen-dev could be marked Multi-Arch: same

Created: 2022-03-30 Last update: 2022-11-27 09:03

lintian reports 51 warnings normal

Lintian reports 51 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2022-11-16 Last update: 2022-11-17 03:40

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2019-06-20 Last update: 2020-12-15 15:31

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.0).

Created: 2014-08-10 Last update: 2022-11-16 20:38

news

[rss feed]

[2022-11-21] xen 4.16.2+90-g0d39a6d1ae-1 MIGRATED to testing (Debian testing watch)
[2022-11-19] Accepted xen 4.14.5+86-g1c354767d5-1 (source amd64 all) into proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2022-11-16] Accepted xen 4.16.2+90-g0d39a6d1ae-1 (source) into unstable (Hans van Kranenburg)
[2022-11-06] Accepted xen 4.14.5+86-g1c354767d5-1 (source amd64 all) into stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2022-10-04] xen 4.16.2-2 MIGRATED to testing (Debian testing watch)
[2022-09-28] Accepted xen 4.16.2-2 (source) into unstable (Hans van Kranenburg)
[2022-08-28] xen 4.16.2-1 MIGRATED to testing (Debian testing watch)
[2022-08-23] Accepted xen 4.16.2-1 (source) into unstable (Hans van Kranenburg)
[2022-07-17] Accepted xen 4.14.5+24-g87d90d511c-1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2022-07-15] Accepted xen 4.14.5+24-g87d90d511c-1 (source amd64 all) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2022-05-16] xen 4.16.1-1 MIGRATED to testing (Debian testing watch)
[2022-05-09] Accepted xen 4.16.1-1 (source) into unstable (Hans van Kranenburg)
[2022-04-20] xen 4.16.0+51-g0941d6cb-1 MIGRATED to testing (Debian testing watch)
[2022-04-20] xen 4.16.0+51-g0941d6cb-1 MIGRATED to testing (Debian testing watch)
[2022-04-17] Accepted xen 4.14.4+74-gd7b22226b5-1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2022-04-10] Accepted xen 4.14.4+74-gd7b22226b5-1 (source amd64 all) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2022-02-19] Accepted xen 4.16.0+51-g0941d6cb-1 (source) into unstable (Hans van Kranenburg)
[2022-02-04] Accepted xen 4.16.0-1~exp1 (all amd64 source) into experimental, experimental (Debian FTP Masters) (signed by: Ian Jackson)
[2021-12-05] Accepted xen 4.14.3+32-g9de3671772-1~deb11u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2021-12-05] Accepted xen 4.14.3+32-g9de3671772-1~deb11u1 (source amd64 all) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2021-12-04] xen 4.14.3+32-g9de3671772-1 MIGRATED to testing (Debian testing watch)
[2021-11-28] Accepted xen 4.14.3+32-g9de3671772-1 (source) into unstable (Hans van Kranenburg)
[2021-09-25] Accepted xen 4.14.3-1~deb11u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2021-09-22] xen 4.14.3-1 MIGRATED to testing (Debian testing watch)
[2021-09-20] Accepted xen 4.14.3-1~deb11u1 (source amd64 all) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2021-09-13] Accepted xen 4.14.3-1 (source) into unstable (Hans van Kranenburg)
[2021-08-07] xen 4.14.2+25-gb6a8c4f72d-2 MIGRATED to testing (Debian testing watch)
[2021-08-02] Accepted xen 4.14.2+25-gb6a8c4f72d-2 (source) into unstable (Hans van Kranenburg)
[2021-07-12] Accepted xen 4.14.2+25-gb6a8c4f72d-1 (source) into unstable (Hans van Kranenburg)
[2021-06-21] Accepted xen 4.11.4+107-gef32c7afa2-1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)

bugs [bug history graph]

all: 28
RC: 0
I&N: 17
M&W: 11
F&P: 0
patch: 1

links

homepage
lintian (0, 51)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.16.2-1
58 bugs (7 patches)