Debian Package Tracker

general

source: xen (source, kernel)
version: 4.8.1-1+deb9u3
maintainer: Debian Xen Team (archive) [DMD]
uploaders: Guido Trotter [DMD] – Ian Jackson [DMD] – Bastian Blank [DMD]
arch: all amd64 arm64 armhf i386
std-ver: 3.9.4

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.1.4-3+deb7u9
o-o-sec: 4.1.6.lts1-9
oldstable: 4.4.1-9+deb8u9
old-sec: 4.4.1-9+deb8u10
old-p-u: 4.4.1-9+deb8u10
stable: 4.8.1-1+deb9u3
stable-sec: 4.8.1-1+deb9u3
testing: 4.8.1-1+deb9u3
unstable: 4.8.1-1+deb9u3

versioned links

4.1.4-3+deb7u9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.1.6.lts1-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.4.1-9+deb8u9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.4.1-9+deb8u10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.1-1+deb9u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libxen-4.8
libxen-dev
libxenstore3.0
xen-hypervisor-4.8-amd64
xen-hypervisor-4.8-arm64
xen-hypervisor-4.8-armhf
xen-system-amd64
xen-system-arm64
xen-system-armhf
xen-utils-4.8
xen-utils-common
xenstore-utils

action needed

12 security issues in sid

high

There are 12 open security issues in sid.

12 important issues:

CVE-2017-15594: An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
CVE-2017-15595: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
CVE-2017-15592: An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
CVE-2017-15593: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.
CVE-2017-15590: An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
CVE-2017-15591: An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation.
CVE-2017-15589: An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.
CVE-2017-15588: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
CVE-2017-14319: A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.
CVE-2017-14318: An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct.
CVE-2017-14317: A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.).
CVE-2017-14316: A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.

Please fix them.

Created: 2017-06-20 Last update: 2017-10-20 07:23

20 security issues in wheezy

high

There are 20 open security issues in wheezy.

10 important issues:

CVE-2017-15594: An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
CVE-2017-15595: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
CVE-2017-15592: An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
CVE-2017-15593: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.
CVE-2017-15590: An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
CVE-2017-2620:
CVE-2017-15589: An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.
CVE-2017-15588: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
CVE-2016-9603:
CVE-2016-9637: The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.

10 issues skipped by the security teams:

CVE-2014-5146: Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.
CVE-2017-14431: Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.
CVE-2015-8341: The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows attackers to cause a denial of service (memory and disk consumption) by starting domains.
CVE-2015-3259: Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.
CVE-2016-4963: The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
CVE-2016-4962: The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
CVE-2015-2152: Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.
CVE-2014-5149: Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146.
CVE-2015-7311: libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
TEMP-0860565-9E8C4B:

Please fix them.

Created: 2015-07-12 Last update: 2017-10-20 07:23

12 security issues in buster

high

There are 12 open security issues in buster.

12 important issues:

CVE-2017-15594: An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
CVE-2017-15595: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
CVE-2017-15592: An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
CVE-2017-15593: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.
CVE-2017-15590: An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
CVE-2017-15591: An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation.
CVE-2017-15589: An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.
CVE-2017-15588: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
CVE-2017-14319: A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.
CVE-2017-14318: An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct.
CVE-2017-14317: A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.).
CVE-2017-14316: A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.

Please fix them.

Created: 2017-06-20 Last update: 2017-10-20 07:23

18 security issues in jessie

high

There are 18 open security issues in jessie.

10 important issues:

CVE-2017-15594: An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
CVE-2017-15595: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
CVE-2017-15592: An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
CVE-2017-15593: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.
CVE-2017-15590: An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
CVE-2017-15589: An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.
CVE-2017-15588: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
CVE-2017-14319: A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.
CVE-2017-14317: A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.).
CVE-2017-14316: A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.

8 issues skipped by the security teams:

CVE-2017-10919: Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223.
CVE-2016-9816: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
CVE-2016-9815: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
CVE-2016-9817: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
CVE-2016-4963: The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
CVE-2017-14431: Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.
CVE-2016-9818: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
TEMP-0860565-9E8C4B:

Please fix them.

Created: 2015-07-12 Last update: 2017-10-20 07:23

12 security issues in stretch

high

There are 12 open security issues in stretch.

12 important issues:

CVE-2017-15594: An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
CVE-2017-15595: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
CVE-2017-15592: An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
CVE-2017-15593: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.
CVE-2017-15590: An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
CVE-2017-15591: An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation.
CVE-2017-15589: An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.
CVE-2017-15588: An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
CVE-2017-14319: A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.
CVE-2017-14318: An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct.
CVE-2017-14317: A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.).
CVE-2017-14316: A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.

Please fix them.

Created: 2017-06-20 Last update: 2017-10-20 07:23

Standards version of the package is outdated.

high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.1.1 instead of 3.9.4).

Created: 2014-08-10 Last update: 2017-10-11 13:08

lintian reports 1 error and 53 warnings

high

Lintian reports 1 error and 53 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2017-05-05 Last update: 2017-10-08 01:22

Fails to build during reproducibility testing

normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2016-04-06 Last update: 2017-10-22 13:25

4 bugs tagged patch in the BTS

normal

The BTS contains patches fixing 4 bugs, consider including or untagging them.

Created: 2017-08-12 Last update: 2017-10-22 13:05

news

[rss feed]

[2017-10-11] Accepted xen 4.1.6.lts1-9 (source all amd64) into oldoldstable (Felix Geyer)
[2017-10-09] xen 4.8.1-1+deb9u3 MIGRATED to testing (Debian testing watch)
[2017-09-23] Accepted xen 4.4.1-9+deb8u10 (source i386 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Ian Jackson)
[2017-09-23] Accepted xen 4.8.1-1+deb9u2 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2017-09-23] Accepted xen 4.8.1-1+deb9u3 (all amd64 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2017-06-01] Accepted xen 4.1.6.lts1-8 (source all amd64) into oldstable (Felix Geyer)
[2017-05-30] Accepted xen 4.1.6.lts1-7 (source all amd64) into oldstable (Felix Geyer)
[2017-05-27] Accepted xen 4.4.1-9+deb8u9 (all i386 source) into proposed-updates->stable-new, proposed-updates (Ian Jackson)
[2017-05-04] xen 4.8.1-1+deb9u1 MIGRATED to testing (Debian testing watch)
[2017-05-02] Accepted xen 4.8.1-1+deb9u1 (source) into unstable (Ian Jackson)
[2017-04-24] xen 4.8.1-1 MIGRATED to testing (Debian testing watch)
[2017-04-21] Accepted xen 4.1.6.lts1-6 (source all amd64) into oldstable (Felix Geyer) (signed by: Ola Lundqvist)
[2017-04-18] Accepted xen 4.8.1-1 (source) into unstable (Ian Jackson)
[2017-02-03] xen 4.8.1~pre.2017.01.23-1 MIGRATED to testing (Debian testing watch)
[2017-01-23] Accepted xen 4.8.1~pre.2017.01.23-1 (all amd64 source) into unstable (Ian Jackson)
[2017-01-13] Accepted xen 4.1.6.lts1-5 (source all amd64) into oldstable (Felix Geyer) (signed by: Guido Günther)
[2017-01-02] xen 4.8.0-1 MIGRATED to testing (Debian testing watch)
[2016-12-22] Accepted xen 4.8.0-1 (all amd64 source) into unstable (Ian Jackson)
[2016-12-14] Accepted xen 4.4.1-9+deb8u8 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2016-11-22] Accepted xen 4.1.6.lts1-4 (source all amd64) into oldstable (Bastian Blank)
[2016-11-17] xen 4.8.0~rc5-1 MIGRATED to testing (Debian testing watch)
[2016-11-11] Accepted xen 4.8.0~rc5-1 (all amd64 source) into unstable (Ian Jackson)
[2016-11-10] xen 4.8.0~rc3-1 MIGRATED to testing (Debian testing watch)
[2016-11-07] Accepted xen 4.8.0~rc3-1 (all amd64 source) into unstable (Ian Jackson)
[2016-11-03] Accepted xen 4.1.6.lts1-3 (source all amd64) into oldstable (Felix Geyer) (signed by: Guido Günther)
[2016-11-01] Accepted xen 4.8.0~rc3-0exp2 (all amd64 source) into experimental (Ian Jackson)
[2016-10-31] Accepted xen 4.8.0~rc3-0exp1 (all amd64 source) into experimental, experimental (Ian Jackson)
[2016-09-09] Accepted xen 4.4.1-9+deb8u7 (all source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2016-09-08] Accepted xen 4.1.6.lts1-2 (source i386 all) into oldstable (Bastian Blank)
[2016-07-30] Accepted xen 4.4.1-9+deb8u6 (source all amd64) into proposed-updates->stable-new, proposed-updates (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)

bugs [bug history graph]

all: 53 56
RC: 2
I&N: 43 46
M&W: 8
F&P: 0

links

lintian (1, 53)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.9.0-0ubuntu3
50 bugs (10 patches)
patches for 4.9.0-0ubuntu3