Git : Code : xen package : Ubuntu

Ubuntu
xen package

Overview
Code
Bugs
Blueprints
Translations
Answers

View Bazaar branches

Get this repository:: git clone https://git.launchpad.net/ubuntu/+source/xen

Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name	Last Modified	Last Commit
importer/debian/dsc	2018-10-17 16:14:20 UTC 2018-10-17	DSC file for 4.11.1~pre.20180911.5acdd26fdc+dfsg-5 Author: Ubuntu Git Importer Author Date: 2018-10-17 16:14:20 UTC DSC file for 4.11.1~pre.20180911.5acdd26fdc+dfsg-5
debian/sid	2018-10-15 22:41:32 UTC 2018-10-15	Import patches-unapplied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-5 to deb... Author: Ian Jackson Author Date: 2018-10-15 17:07:11 UTC Import patches-unapplied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-5 to debian/sid Imported using git-ubuntu import. Changelog parent: d89dc524620d33669117d1e48415b762b0676a1e New changelog entries: * debian/rules: Cope if xen-utils-common not being built (Fixes binary-indep FTBFS.)
applied/debian/sid	2018-10-15 22:41:32 UTC 2018-10-15	Import patches-applied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-5 to appli... Author: Ian Jackson Author Date: 2018-10-15 17:07:11 UTC Import patches-applied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-5 to applied/debian/sid Imported using git-ubuntu import. Changelog parent: 8bd389f33306500da63d0c1ce631eca78479ac93 Unapplied parent: e7eff203830a6193544358927128c2cc285d9080 New changelog entries: * debian/rules: Cope if xen-utils-common not being built (Fixes binary-indep FTBFS.)
debian/experimental	2018-09-12 16:27:11 UTC 2018-09-12	Import patches-unapplied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 t... Author: Hans van Kranenburg Author Date: 2018-09-11 13:34:34 UTC Import patches-unapplied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 to debian/experimental Imported using git-ubuntu import. Changelog parent: 3fb68988c4b590a521631bf6c82457cf32e23964 New changelog entries: * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg. * Remove stubdom/grub.patches/00cvs from the upstream source because it's not DFSG compliant. (license-problem-gfdl-invariants) * Override statically-linked-binary lintian error about usr/lib/xen-4.11/boot/xen-shim [ Hans van Kranenburg ] * Update to 4.11.1-pre commit 733450b39b, which also contains: - Additional fix for: Unlimited recursion in linear pagetable de-typing XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004) - Fix x86 PV guests may gain access to internally used pages XSA-248 CVE-2017-17566 - Fix broken x86 shadow mode refcount overflow check XSA-249 CVE-2017-17563 - Fix improper x86 shadow mode refcount error handling XSA-250 CVE-2017-17564 - Fix improper bug check in x86 log-dirty handling XSA-251 CVE-2017-17565 - Fix: DoS via non-preemptable L3/L4 pagetable freeing XSA-252 CVE-2018-7540 - Fix x86: memory leak with MSR emulation XSA-253 CVE-2018-5244 - Multiple parts of fixes for... Information leak via side effects of speculative execution XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite - Branch predictor hardening for ARM CPUs - Support compiling with indirect branch thunks (e.g. retpoline) - Report details of speculative mitigations in boot logging - Fix: grant table v2 -> v1 transition may crash Xen XSA-255 CVE-2018-7541 - Fix: x86 PVH guest without LAPIC may DoS the host XSA-256 CVE-2018-7542 - The "Comet" shim, which can be used as a mitigation for Meltdown to shield the hypervisor against 64-bit PV guests. - Fix: Information leak via crafted user-supplied CDROM XSA-258 CVE-2018-10472 - Fix: x86: PV guest may crash Xen with XPTI XSA-259 CVE-2018-10471 - Fix: x86: mishandling of debug exceptions XSA-260 CVE-2018-8897 - Fix: x86 vHPET interrupt injection errors XSA-261 CVE-2018-10982 - Fix: qemu may drive Xen into unbounded loop XSA-262 CVE-2018-10981 - Fix: Speculative Store Bypass XSA-263 CVE-2018-3639 - Fix: preemption checks bypassed in x86 PV MM handling XSA-264 CVE-2018-12891 - Fix: x86: #DB exception safety check can be triggered by a guest XSA-265 CVE-2018-12893 - Fix: libxl fails to honour readonly flag on HVM emulated SCSI disks XSA-266 CVE-2018-12892 - Fix: Speculative register leakage from lazy FPU context switching XSA-267 CVE-2018-3665 - Fix: Use of v2 grant tables may cause crash on ARM XSA-268 CVE-2018-15469 - Fix: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS XSA-269 CVE-2018-15468 - Fix: oxenstored does not apply quota-maxentity XSA-272 CVE-2018-15470 - Fix: L1 Terminal Fault speculative side channel XSA-273 CVE-2018-3620 * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader): - Rebase patches against upstream source (line numbers etc). - debian/rules.real: - Add a call to build common tool headers. - Add a call to install common tool headers. - debian/libxen-dev.install, d/p/ubuntu-tools-libs-abiname.diff: - Add additional modifications for new libxendevicemodel. - debian/patches/tools-fake-xs-restrict.patch: - Re-introduce (fake) xs_restrict call to keep libxenstore version at 3.0 for now. - debian/libxenstore3.0.symbols: add xs_control_command * Rebase patches against 4.10 upstream source. * Rebase patches against 4.11 upstream source. * Add README.source.md to document how the packaging works. * This package builds correctly with gcc 7. (Closes: #853710) * Fix grub config file conflict when upgrading from Stretch. (Closes: #852545) * Init scripts: Do not kill per-domain qemu processes. (Closes: #879751) * debian/patches: Fix "'vwprintw' is deprecated" gcc 8 compilation error [ Mark Pryor ] * Fix shared library build dependencies for the new xentoolcore library. [ John Keates ] * Enable OVMF (Closes: #858962)
applied/debian/experimental	2018-09-12 16:27:11 UTC 2018-09-12	Import patches-applied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 to ... Author: Hans van Kranenburg Author Date: 2018-09-11 13:34:34 UTC Import patches-applied version 4.11.1~pre.20180911.5acdd26fdc+dfsg-1~exp1 to applied/debian/experimental Imported using git-ubuntu import. Changelog parent: 5907bf887df27a51cf6228e2bb473a389dec30b0 Unapplied parent: 7a9f512c83dbf118dff60e692d10ef6c3723c0ce New changelog entries: * Update to new upstream version 4.11.1~pre.20180911.5acdd26fdc+dfsg. * Remove stubdom/grub.patches/00cvs from the upstream source because it's not DFSG compliant. (license-problem-gfdl-invariants) * Override statically-linked-binary lintian error about usr/lib/xen-4.11/boot/xen-shim [ Hans van Kranenburg ] * Update to 4.11.1-pre commit 733450b39b, which also contains: - Additional fix for: Unlimited recursion in linear pagetable de-typing XSA-240 CVE-2017-15595 (listed as xsa240-4.8/0004) - Fix x86 PV guests may gain access to internally used pages XSA-248 CVE-2017-17566 - Fix broken x86 shadow mode refcount overflow check XSA-249 CVE-2017-17563 - Fix improper x86 shadow mode refcount error handling XSA-250 CVE-2017-17564 - Fix improper bug check in x86 log-dirty handling XSA-251 CVE-2017-17565 - Fix: DoS via non-preemptable L3/L4 pagetable freeing XSA-252 CVE-2018-7540 - Fix x86: memory leak with MSR emulation XSA-253 CVE-2018-5244 - Multiple parts of fixes for... Information leak via side effects of speculative execution XSA-254 CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 - XPTI stage 1 a.k.a. 'Meltdown band-aid', XPTI-S1 or XPTI-lite - Branch predictor hardening for ARM CPUs - Support compiling with indirect branch thunks (e.g. retpoline) - Report details of speculative mitigations in boot logging - Fix: grant table v2 -> v1 transition may crash Xen XSA-255 CVE-2018-7541 - Fix: x86 PVH guest without LAPIC may DoS the host XSA-256 CVE-2018-7542 - The "Comet" shim, which can be used as a mitigation for Meltdown to shield the hypervisor against 64-bit PV guests. - Fix: Information leak via crafted user-supplied CDROM XSA-258 CVE-2018-10472 - Fix: x86: PV guest may crash Xen with XPTI XSA-259 CVE-2018-10471 - Fix: x86: mishandling of debug exceptions XSA-260 CVE-2018-8897 - Fix: x86 vHPET interrupt injection errors XSA-261 CVE-2018-10982 - Fix: qemu may drive Xen into unbounded loop XSA-262 CVE-2018-10981 - Fix: Speculative Store Bypass XSA-263 CVE-2018-3639 - Fix: preemption checks bypassed in x86 PV MM handling XSA-264 CVE-2018-12891 - Fix: x86: #DB exception safety check can be triggered by a guest XSA-265 CVE-2018-12893 - Fix: libxl fails to honour readonly flag on HVM emulated SCSI disks XSA-266 CVE-2018-12892 - Fix: Speculative register leakage from lazy FPU context switching XSA-267 CVE-2018-3665 - Fix: Use of v2 grant tables may cause crash on ARM XSA-268 CVE-2018-15469 - Fix: x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS XSA-269 CVE-2018-15468 - Fix: oxenstored does not apply quota-maxentity XSA-272 CVE-2018-15470 - Fix: L1 Terminal Fault speculative side channel XSA-273 CVE-2018-3620 * Merge changes for 4.9 from the ubuntu packaging (thanks, Stefan Bader): - Rebase patches against upstream source (line numbers etc). - debian/rules.real: - Add a call to build common tool headers. - Add a call to install common tool headers. - debian/libxen-dev.install, d/p/ubuntu-tools-libs-abiname.diff: - Add additional modifications for new libxendevicemodel. - debian/patches/tools-fake-xs-restrict.patch: - Re-introduce (fake) xs_restrict call to keep libxenstore version at 3.0 for now. - debian/libxenstore3.0.symbols: add xs_control_command * Rebase patches against 4.10 upstream source. * Rebase patches against 4.11 upstream source. * Add README.source.md to document how the packaging works. * This package builds correctly with gcc 7. (Closes: #853710) * Fix grub config file conflict when upgrading from Stretch. (Closes: #852545) * Init scripts: Do not kill per-domain qemu processes. (Closes: #879751) * debian/patches: Fix "'vwprintw' is deprecated" gcc 8 compilation error [ Mark Pryor ] * Fix shared library build dependencies for the new xentoolcore library. [ John Keates ] * Enable OVMF (Closes: #858962)
debian/buster	2018-07-14 11:13:37 UTC 2018-07-14	Import patches-unapplied version 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 to d... Author: Ian Jackson Author Date: 2018-06-22 15:38:39 UTC Import patches-unapplied version 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 to debian/stretch Imported using git-ubuntu import. Changelog parent: 6562567bc6d531d3e5658589df5e071b98a1bd7d New changelog entries: * Security upload [thanks to Wolodja Wentland]: XSA-264 (no CVE yet) XSA-265 (no CVE yet) XSA-266 (no CVE yet) * Update to new upstream version 4.8.3+xsa267+shim4.10.1+xsa267. XSA-267 CVE-2018-3665 I have actually taken upstream's staging-4.8 CI input branch, which is identical to the CI-tested stable-4.8 except that it also has the XSA-267 patches. There are additional patches in upstream's stable-4.8 branch, beyond what was in the previous Debian stretch security update, which are prerequisites for the XSA-267 patches. For the shim, I have updated to upstream's staging-4.10, which is identical to the CI-tested stable-4.10q except, again, for XSA-267-related patches. The 4.10.0-comet branch lacks speculation control entirely and has been superseded upstream. * Include upstream XSA-263 (speculative store bypass) fixes for x86. I hear that ARM fixes will be forthcoming RSN. Ie, XSA-263 CVE-2018-3639 (amd64/i386; armhf/arm64 still vuln.) * Include a number of upstream bugfixes, including fixes to previous security fixes, some of which are security-relevant: x86: correct ordering of operations during S3 resume x86: suppress BTI mitigations around S3 suspend/resume x86/spec_ctrl: Updates to retpoline-safety decision making x86/HPET: fix race triggering ASSERT(cpu < nr_cpu_ids) x86/HVM: never retain emulated insn cache when exiting back to guest xpti: fix bug in double fault handling x86/cpuidle: don't init stats lock more than once xen: Introduce vcpu_sleep_nosync_locked() xen/schedule: Fix races in vcpu migration x86: Fix "x86: further CPUID handling adjustments" The result is very similar to upstream staging-4.8. However, as upstream staging-4.8 has not yet passed upstream CI, I have chosen to cherry pick fixes so that I can drop a couple that don't look immediately important. We will expect to resynchronise with upstream's 4.8 stable branch soon. * Drop our patch `tools: fix arm build after bdf693ee61b48' (which was needed to build the upstream 4.8 comet branch on ARM but is not needed for the the upstream staging/stable branch). Closes:#898898. * Update changelog for 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 to mention branch switch from upstream 4.8 comet to upstream main 4.8, and add some missing CVEs. * Update to new upstream version 4.8.3+xsa262+shim4.10.0+comet3. (This is the upstream staging-4.8 branch, which is ahead of the upstream CI-tested stable-4.8 branch by precisely the three most recent XSA fixes. We are switching away from the special upstream 4.8 comet branch.) * Resulting security fixes: XSA-258 CVE-2018-10472 XSA-259 CVE-2018-10471 XSA-260 CVE-2018-8897 XSA-261 CVE-2018-10982 XSA-262 CVE-2018-10981 * Apply two further build fixes from upstream staging-4.8.
applied/debian/buster	2018-07-14 11:13:37 UTC 2018-07-14	Import patches-applied version 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 to app... Author: Ian Jackson Author Date: 2018-06-22 15:38:39 UTC Import patches-applied version 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 to applied/debian/stretch Imported using git-ubuntu import. Changelog parent: d23580dd2b3181f758a667b126839c864631ece6 Unapplied parent: 2b9646ef4f9794a9836bb79a4841725a5c44eadc New changelog entries: * Security upload [thanks to Wolodja Wentland]: XSA-264 (no CVE yet) XSA-265 (no CVE yet) XSA-266 (no CVE yet) * Update to new upstream version 4.8.3+xsa267+shim4.10.1+xsa267. XSA-267 CVE-2018-3665 I have actually taken upstream's staging-4.8 CI input branch, which is identical to the CI-tested stable-4.8 except that it also has the XSA-267 patches. There are additional patches in upstream's stable-4.8 branch, beyond what was in the previous Debian stretch security update, which are prerequisites for the XSA-267 patches. For the shim, I have updated to upstream's staging-4.10, which is identical to the CI-tested stable-4.10q except, again, for XSA-267-related patches. The 4.10.0-comet branch lacks speculation control entirely and has been superseded upstream. * Include upstream XSA-263 (speculative store bypass) fixes for x86. I hear that ARM fixes will be forthcoming RSN. Ie, XSA-263 CVE-2018-3639 (amd64/i386; armhf/arm64 still vuln.) * Include a number of upstream bugfixes, including fixes to previous security fixes, some of which are security-relevant: x86: correct ordering of operations during S3 resume x86: suppress BTI mitigations around S3 suspend/resume x86/spec_ctrl: Updates to retpoline-safety decision making x86/HPET: fix race triggering ASSERT(cpu < nr_cpu_ids) x86/HVM: never retain emulated insn cache when exiting back to guest xpti: fix bug in double fault handling x86/cpuidle: don't init stats lock more than once xen: Introduce vcpu_sleep_nosync_locked() xen/schedule: Fix races in vcpu migration x86: Fix "x86: further CPUID handling adjustments" The result is very similar to upstream staging-4.8. However, as upstream staging-4.8 has not yet passed upstream CI, I have chosen to cherry pick fixes so that I can drop a couple that don't look immediately important. We will expect to resynchronise with upstream's 4.8 stable branch soon. * Drop our patch `tools: fix arm build after bdf693ee61b48' (which was needed to build the upstream 4.8 comet branch on ARM but is not needed for the the upstream staging/stable branch). Closes:#898898. * Update changelog for 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 to mention branch switch from upstream 4.8 comet to upstream main 4.8, and add some missing CVEs. * Update to new upstream version 4.8.3+xsa262+shim4.10.0+comet3. (This is the upstream staging-4.8 branch, which is ahead of the upstream CI-tested stable-4.8 branch by precisely the three most recent XSA fixes. We are switching away from the special upstream 4.8 comet branch.) * Resulting security fixes: XSA-258 CVE-2018-10472 XSA-259 CVE-2018-10471 XSA-260 CVE-2018-8897 XSA-261 CVE-2018-10982 XSA-262 CVE-2018-10981 * Apply two further build fixes from upstream staging-4.8.
debian/stretch	2018-07-14 11:13:37 UTC 2018-07-14	Import patches-unapplied version 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 to d... Author: Ian Jackson Author Date: 2018-06-22 15:38:39 UTC Import patches-unapplied version 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 to debian/stretch Imported using git-ubuntu import. Changelog parent: 6562567bc6d531d3e5658589df5e071b98a1bd7d New changelog entries: * Security upload [thanks to Wolodja Wentland]: XSA-264 (no CVE yet) XSA-265 (no CVE yet) XSA-266 (no CVE yet) * Update to new upstream version 4.8.3+xsa267+shim4.10.1+xsa267. XSA-267 CVE-2018-3665 I have actually taken upstream's staging-4.8 CI input branch, which is identical to the CI-tested stable-4.8 except that it also has the XSA-267 patches. There are additional patches in upstream's stable-4.8 branch, beyond what was in the previous Debian stretch security update, which are prerequisites for the XSA-267 patches. For the shim, I have updated to upstream's staging-4.10, which is identical to the CI-tested stable-4.10q except, again, for XSA-267-related patches. The 4.10.0-comet branch lacks speculation control entirely and has been superseded upstream. * Include upstream XSA-263 (speculative store bypass) fixes for x86. I hear that ARM fixes will be forthcoming RSN. Ie, XSA-263 CVE-2018-3639 (amd64/i386; armhf/arm64 still vuln.) * Include a number of upstream bugfixes, including fixes to previous security fixes, some of which are security-relevant: x86: correct ordering of operations during S3 resume x86: suppress BTI mitigations around S3 suspend/resume x86/spec_ctrl: Updates to retpoline-safety decision making x86/HPET: fix race triggering ASSERT(cpu < nr_cpu_ids) x86/HVM: never retain emulated insn cache when exiting back to guest xpti: fix bug in double fault handling x86/cpuidle: don't init stats lock more than once xen: Introduce vcpu_sleep_nosync_locked() xen/schedule: Fix races in vcpu migration x86: Fix "x86: further CPUID handling adjustments" The result is very similar to upstream staging-4.8. However, as upstream staging-4.8 has not yet passed upstream CI, I have chosen to cherry pick fixes so that I can drop a couple that don't look immediately important. We will expect to resynchronise with upstream's 4.8 stable branch soon. * Drop our patch `tools: fix arm build after bdf693ee61b48' (which was needed to build the upstream 4.8 comet branch on ARM but is not needed for the the upstream staging/stable branch). Closes:#898898. * Update changelog for 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 to mention branch switch from upstream 4.8 comet to upstream main 4.8, and add some missing CVEs. * Update to new upstream version 4.8.3+xsa262+shim4.10.0+comet3. (This is the upstream staging-4.8 branch, which is ahead of the upstream CI-tested stable-4.8 branch by precisely the three most recent XSA fixes. We are switching away from the special upstream 4.8 comet branch.) * Resulting security fixes: XSA-258 CVE-2018-10472 XSA-259 CVE-2018-10471 XSA-260 CVE-2018-8897 XSA-261 CVE-2018-10982 XSA-262 CVE-2018-10981 * Apply two further build fixes from upstream staging-4.8.
applied/debian/stretch	2018-07-14 11:13:37 UTC 2018-07-14	Import patches-applied version 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 to app... Author: Ian Jackson Author Date: 2018-06-22 15:38:39 UTC Import patches-applied version 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 to applied/debian/stretch Imported using git-ubuntu import. Changelog parent: d23580dd2b3181f758a667b126839c864631ece6 Unapplied parent: 2b9646ef4f9794a9836bb79a4841725a5c44eadc New changelog entries: * Security upload [thanks to Wolodja Wentland]: XSA-264 (no CVE yet) XSA-265 (no CVE yet) XSA-266 (no CVE yet) * Update to new upstream version 4.8.3+xsa267+shim4.10.1+xsa267. XSA-267 CVE-2018-3665 I have actually taken upstream's staging-4.8 CI input branch, which is identical to the CI-tested stable-4.8 except that it also has the XSA-267 patches. There are additional patches in upstream's stable-4.8 branch, beyond what was in the previous Debian stretch security update, which are prerequisites for the XSA-267 patches. For the shim, I have updated to upstream's staging-4.10, which is identical to the CI-tested stable-4.10q except, again, for XSA-267-related patches. The 4.10.0-comet branch lacks speculation control entirely and has been superseded upstream. * Include upstream XSA-263 (speculative store bypass) fixes for x86. I hear that ARM fixes will be forthcoming RSN. Ie, XSA-263 CVE-2018-3639 (amd64/i386; armhf/arm64 still vuln.) * Include a number of upstream bugfixes, including fixes to previous security fixes, some of which are security-relevant: x86: correct ordering of operations during S3 resume x86: suppress BTI mitigations around S3 suspend/resume x86/spec_ctrl: Updates to retpoline-safety decision making x86/HPET: fix race triggering ASSERT(cpu < nr_cpu_ids) x86/HVM: never retain emulated insn cache when exiting back to guest xpti: fix bug in double fault handling x86/cpuidle: don't init stats lock more than once xen: Introduce vcpu_sleep_nosync_locked() xen/schedule: Fix races in vcpu migration x86: Fix "x86: further CPUID handling adjustments" The result is very similar to upstream staging-4.8. However, as upstream staging-4.8 has not yet passed upstream CI, I have chosen to cherry pick fixes so that I can drop a couple that don't look immediately important. We will expect to resynchronise with upstream's 4.8 stable branch soon. * Drop our patch `tools: fix arm build after bdf693ee61b48' (which was needed to build the upstream 4.8 comet branch on ARM but is not needed for the the upstream staging/stable branch). Closes:#898898. * Update changelog for 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 to mention branch switch from upstream 4.8 comet to upstream main 4.8, and add some missing CVEs. * Update to new upstream version 4.8.3+xsa262+shim4.10.0+comet3. (This is the upstream staging-4.8 branch, which is ahead of the upstream CI-tested stable-4.8 branch by precisely the three most recent XSA fixes. We are switching away from the special upstream 4.8 comet branch.) * Resulting security fixes: XSA-258 CVE-2018-10472 XSA-259 CVE-2018-10471 XSA-260 CVE-2018-8897 XSA-261 CVE-2018-10982 XSA-262 CVE-2018-10981 * Apply two further build fixes from upstream staging-4.8.
importer/ubuntu/dsc	2018-05-04 19:46:36 UTC 2018-05-04	DSC file for 4.9.2-0ubuntu2 Author: Ubuntu Git Importer Author Date: 2018-05-04 19:46:36 UTC DSC file for 4.9.2-0ubuntu2
applied/ubuntu/devel	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058 Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b New changelog entries: * No-change rebuild for ncurses soname changes.
ubuntu/cosmic	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7 New changelog entries: * No-change rebuild for ncurses soname changes.
ubuntu/cosmic-devel	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7 New changelog entries: * No-change rebuild for ncurses soname changes.
applied/ubuntu/cosmic-proposed	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058 Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b New changelog entries: * No-change rebuild for ncurses soname changes.
applied/ubuntu/cosmic	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058 Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b New changelog entries: * No-change rebuild for ncurses soname changes.
applied/ubuntu/cosmic-devel	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-applied version 4.9.2-0ubuntu2 to applied/ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: c7f59df9c9cd67c6241f7dff93846ea97222a058 Unapplied parent: bbc3b139c242441e7b5655a7f129eac2e9d1a31b New changelog entries: * No-change rebuild for ncurses soname changes.
ubuntu/cosmic-proposed	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7 New changelog entries: * No-change rebuild for ncurses soname changes.
ubuntu/devel	2018-05-03 15:44:42 UTC 2018-05-03	Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Author: Matthias Klose Author Date: 2018-05-03 14:20:24 UTC Import patches-unapplied version 4.9.2-0ubuntu2 to ubuntu/cosmic-proposed Imported using git-ubuntu import. Changelog parent: ecfa33fc1861e429ea08d7c3f9d01982c49a63e7 New changelog entries: * No-change rebuild for ncurses soname changes.
ubuntu/bionic-proposed	2018-04-16 09:44:14 UTC 2018-04-16	Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed Author: Stefan Bader Author Date: 2018-04-12 09:54:57 UTC Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 74cdf5ebbe05e38983f23bbe03a2c769e473c42d New changelog entries: * Update to upstream 4.9.2 release (LP: #1763354). Changes include numerous bugfixes, including security fixes/updates. 4.9.0 -> 4.9.1: - XSA-226 / CVE-2017-12135 (replacement) - XSA-227 / CVE-2017-12137 (replacement) - XSA-228 / CVE-2017-12136 (replacement) - XSA-230 / CVE-2017-12855 (replacement) - XSA-231 / CVE-2017-14316 (replacement) - XSA-232 / CVE-2017-14318 (replacement) - XSA-233 / CVE-2017-14317 (replacement) - XSA-234 / CVE-2017-14319 (replacement) - XSA-235 / CVE-2017-15596 (replacement) - XSA-236 / CVE-2017-15597 (new) - XSA-237 / CVE-2017-15590 (replacement) - XSA-238 / CVE-2017-15591 (replacement) - XSA-239 / CVE-2017-15589 (replacement) - XSA-240 / CVE-2017-15595 (update) - XSA-241 / CVE-2017-15588 (replacement) - XSA-242 / CVE-2017-15593 (replacement) - XSA-243 / CVE-2017-15592 (replacement) - XSA-244 / CVE-2017-15594 (replacement) - XSA-245 / CVE-2017-17046 (replacement) 4.9.1 -> 4.9.2: - XSA-246 / CVE-2017-17044 (new) - XSA-247 / CVE-2017-17045 (new) - XSA-248 / CVE-2017-17566 (new) - XSA-249 / CVE-2017-17563 (new) - XSA-250 / CVE-2017-17564 (new) - XSA-251 / CVE-2017-17565 (new) - XSA-252 / CVE-2018-7540 (new) - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation) - XSA-255 / CVE-2018-7541 (new) - XSA-256 / CVE-2018-7542 (new) * Dropped: d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)
applied/ubuntu/bionic	2018-04-16 09:44:14 UTC 2018-04-16	Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed Author: Stefan Bader Author Date: 2018-04-12 09:54:57 UTC Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 16af0230026d8f48ab45bd03b8c47927e7f2e95f Unapplied parent: 0f8901a8de4fa9f57ba6e1ff0f520ebbe90629a2 New changelog entries: * Update to upstream 4.9.2 release (LP: #1763354). Changes include numerous bugfixes, including security fixes/updates. 4.9.0 -> 4.9.1: - XSA-226 / CVE-2017-12135 (replacement) - XSA-227 / CVE-2017-12137 (replacement) - XSA-228 / CVE-2017-12136 (replacement) - XSA-230 / CVE-2017-12855 (replacement) - XSA-231 / CVE-2017-14316 (replacement) - XSA-232 / CVE-2017-14318 (replacement) - XSA-233 / CVE-2017-14317 (replacement) - XSA-234 / CVE-2017-14319 (replacement) - XSA-235 / CVE-2017-15596 (replacement) - XSA-236 / CVE-2017-15597 (new) - XSA-237 / CVE-2017-15590 (replacement) - XSA-238 / CVE-2017-15591 (replacement) - XSA-239 / CVE-2017-15589 (replacement) - XSA-240 / CVE-2017-15595 (update) - XSA-241 / CVE-2017-15588 (replacement) - XSA-242 / CVE-2017-15593 (replacement) - XSA-243 / CVE-2017-15592 (replacement) - XSA-244 / CVE-2017-15594 (replacement) - XSA-245 / CVE-2017-17046 (replacement) 4.9.1 -> 4.9.2: - XSA-246 / CVE-2017-17044 (new) - XSA-247 / CVE-2017-17045 (new) - XSA-248 / CVE-2017-17566 (new) - XSA-249 / CVE-2017-17563 (new) - XSA-250 / CVE-2017-17564 (new) - XSA-251 / CVE-2017-17565 (new) - XSA-252 / CVE-2018-7540 (new) - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation) - XSA-255 / CVE-2018-7541 (new) - XSA-256 / CVE-2018-7542 (new) * Dropped: d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)
applied/ubuntu/bionic-devel	2018-04-16 09:44:14 UTC 2018-04-16	Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed Author: Stefan Bader Author Date: 2018-04-12 09:54:57 UTC Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 16af0230026d8f48ab45bd03b8c47927e7f2e95f Unapplied parent: 0f8901a8de4fa9f57ba6e1ff0f520ebbe90629a2 New changelog entries: * Update to upstream 4.9.2 release (LP: #1763354). Changes include numerous bugfixes, including security fixes/updates. 4.9.0 -> 4.9.1: - XSA-226 / CVE-2017-12135 (replacement) - XSA-227 / CVE-2017-12137 (replacement) - XSA-228 / CVE-2017-12136 (replacement) - XSA-230 / CVE-2017-12855 (replacement) - XSA-231 / CVE-2017-14316 (replacement) - XSA-232 / CVE-2017-14318 (replacement) - XSA-233 / CVE-2017-14317 (replacement) - XSA-234 / CVE-2017-14319 (replacement) - XSA-235 / CVE-2017-15596 (replacement) - XSA-236 / CVE-2017-15597 (new) - XSA-237 / CVE-2017-15590 (replacement) - XSA-238 / CVE-2017-15591 (replacement) - XSA-239 / CVE-2017-15589 (replacement) - XSA-240 / CVE-2017-15595 (update) - XSA-241 / CVE-2017-15588 (replacement) - XSA-242 / CVE-2017-15593 (replacement) - XSA-243 / CVE-2017-15592 (replacement) - XSA-244 / CVE-2017-15594 (replacement) - XSA-245 / CVE-2017-17046 (replacement) 4.9.1 -> 4.9.2: - XSA-246 / CVE-2017-17044 (new) - XSA-247 / CVE-2017-17045 (new) - XSA-248 / CVE-2017-17566 (new) - XSA-249 / CVE-2017-17563 (new) - XSA-250 / CVE-2017-17564 (new) - XSA-251 / CVE-2017-17565 (new) - XSA-252 / CVE-2018-7540 (new) - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation) - XSA-255 / CVE-2018-7541 (new) - XSA-256 / CVE-2018-7542 (new) * Dropped: d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)
applied/ubuntu/bionic-proposed	2018-04-16 09:44:14 UTC 2018-04-16	Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed Author: Stefan Bader Author Date: 2018-04-12 09:54:57 UTC Import patches-applied version 4.9.2-0ubuntu1 to applied/ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 16af0230026d8f48ab45bd03b8c47927e7f2e95f Unapplied parent: 0f8901a8de4fa9f57ba6e1ff0f520ebbe90629a2 New changelog entries: * Update to upstream 4.9.2 release (LP: #1763354). Changes include numerous bugfixes, including security fixes/updates. 4.9.0 -> 4.9.1: - XSA-226 / CVE-2017-12135 (replacement) - XSA-227 / CVE-2017-12137 (replacement) - XSA-228 / CVE-2017-12136 (replacement) - XSA-230 / CVE-2017-12855 (replacement) - XSA-231 / CVE-2017-14316 (replacement) - XSA-232 / CVE-2017-14318 (replacement) - XSA-233 / CVE-2017-14317 (replacement) - XSA-234 / CVE-2017-14319 (replacement) - XSA-235 / CVE-2017-15596 (replacement) - XSA-236 / CVE-2017-15597 (new) - XSA-237 / CVE-2017-15590 (replacement) - XSA-238 / CVE-2017-15591 (replacement) - XSA-239 / CVE-2017-15589 (replacement) - XSA-240 / CVE-2017-15595 (update) - XSA-241 / CVE-2017-15588 (replacement) - XSA-242 / CVE-2017-15593 (replacement) - XSA-243 / CVE-2017-15592 (replacement) - XSA-244 / CVE-2017-15594 (replacement) - XSA-245 / CVE-2017-17046 (replacement) 4.9.1 -> 4.9.2: - XSA-246 / CVE-2017-17044 (new) - XSA-247 / CVE-2017-17045 (new) - XSA-248 / CVE-2017-17566 (new) - XSA-249 / CVE-2017-17563 (new) - XSA-250 / CVE-2017-17564 (new) - XSA-251 / CVE-2017-17565 (new) - XSA-252 / CVE-2018-7540 (new) - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation) - XSA-255 / CVE-2018-7541 (new) - XSA-256 / CVE-2018-7542 (new) * Dropped: d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)
ubuntu/bionic	2018-04-16 09:44:14 UTC 2018-04-16	Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed Author: Stefan Bader Author Date: 2018-04-12 09:54:57 UTC Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 74cdf5ebbe05e38983f23bbe03a2c769e473c42d New changelog entries: * Update to upstream 4.9.2 release (LP: #1763354). Changes include numerous bugfixes, including security fixes/updates. 4.9.0 -> 4.9.1: - XSA-226 / CVE-2017-12135 (replacement) - XSA-227 / CVE-2017-12137 (replacement) - XSA-228 / CVE-2017-12136 (replacement) - XSA-230 / CVE-2017-12855 (replacement) - XSA-231 / CVE-2017-14316 (replacement) - XSA-232 / CVE-2017-14318 (replacement) - XSA-233 / CVE-2017-14317 (replacement) - XSA-234 / CVE-2017-14319 (replacement) - XSA-235 / CVE-2017-15596 (replacement) - XSA-236 / CVE-2017-15597 (new) - XSA-237 / CVE-2017-15590 (replacement) - XSA-238 / CVE-2017-15591 (replacement) - XSA-239 / CVE-2017-15589 (replacement) - XSA-240 / CVE-2017-15595 (update) - XSA-241 / CVE-2017-15588 (replacement) - XSA-242 / CVE-2017-15593 (replacement) - XSA-243 / CVE-2017-15592 (replacement) - XSA-244 / CVE-2017-15594 (replacement) - XSA-245 / CVE-2017-17046 (replacement) 4.9.1 -> 4.9.2: - XSA-246 / CVE-2017-17044 (new) - XSA-247 / CVE-2017-17045 (new) - XSA-248 / CVE-2017-17566 (new) - XSA-249 / CVE-2017-17563 (new) - XSA-250 / CVE-2017-17564 (new) - XSA-251 / CVE-2017-17565 (new) - XSA-252 / CVE-2018-7540 (new) - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation) - XSA-255 / CVE-2018-7541 (new) - XSA-256 / CVE-2018-7542 (new) * Dropped: d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)
ubuntu/bionic-devel	2018-04-16 09:44:14 UTC 2018-04-16	Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed Author: Stefan Bader Author Date: 2018-04-12 09:54:57 UTC Import patches-unapplied version 4.9.2-0ubuntu1 to ubuntu/bionic-proposed Imported using git-ubuntu import. Changelog parent: 74cdf5ebbe05e38983f23bbe03a2c769e473c42d New changelog entries: * Update to upstream 4.9.2 release (LP: #1763354). Changes include numerous bugfixes, including security fixes/updates. 4.9.0 -> 4.9.1: - XSA-226 / CVE-2017-12135 (replacement) - XSA-227 / CVE-2017-12137 (replacement) - XSA-228 / CVE-2017-12136 (replacement) - XSA-230 / CVE-2017-12855 (replacement) - XSA-231 / CVE-2017-14316 (replacement) - XSA-232 / CVE-2017-14318 (replacement) - XSA-233 / CVE-2017-14317 (replacement) - XSA-234 / CVE-2017-14319 (replacement) - XSA-235 / CVE-2017-15596 (replacement) - XSA-236 / CVE-2017-15597 (new) - XSA-237 / CVE-2017-15590 (replacement) - XSA-238 / CVE-2017-15591 (replacement) - XSA-239 / CVE-2017-15589 (replacement) - XSA-240 / CVE-2017-15595 (update) - XSA-241 / CVE-2017-15588 (replacement) - XSA-242 / CVE-2017-15593 (replacement) - XSA-243 / CVE-2017-15592 (replacement) - XSA-244 / CVE-2017-15594 (replacement) - XSA-245 / CVE-2017-17046 (replacement) 4.9.1 -> 4.9.2: - XSA-246 / CVE-2017-17044 (new) - XSA-247 / CVE-2017-17045 (new) - XSA-248 / CVE-2017-17566 (new) - XSA-249 / CVE-2017-17563 (new) - XSA-250 / CVE-2017-17564 (new) - XSA-251 / CVE-2017-17565 (new) - XSA-252 / CVE-2018-7540 (new) - XSA-254 / CVE-2017-5754 (new / XPTI Meltdown mitigation) - XSA-255 / CVE-2018-7541 (new) - XSA-256 / CVE-2018-7542 (new) * Dropped: d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)
importer/debian/pristine-tar	2018-03-15 18:10:58 UTC 2018-03-15	pristine-tar data for xen_4.8.3+comet2+shim4.10.0+comet3.orig.tar.gz Author: Ubuntu Git Importer Author Date: 2018-03-15 18:10:58 UTC pristine-tar data for xen_4.8.3+comet2+shim4.10.0+comet3.orig.tar.gz
importer/ubuntu/pristine-tar	2018-03-06 02:52:21 UTC 2018-03-06	pristine-tar data for xen_4.9.0.orig.tar.gz Author: Ubuntu Git Importer Author Date: 2018-03-06 02:52:21 UTC pristine-tar data for xen_4.9.0.orig.tar.gz
debian/jessie	2017-12-09 17:59:12 UTC 2017-12-09	Import patches-unapplied version 4.4.1-9+deb8u10 to debian/jessie Author: Ian Jackson Author Date: 2017-09-05 17:35:04 UTC Import patches-unapplied version 4.4.1-9+deb8u10 to debian/jessie Imported using git-ubuntu import. Changelog parent: c51f1b9be10ea208bbd65406f81c154ed482fe75 New changelog entries: Security updates, including some very important fixes: * XSA-217 CVE-2017-10912 * XSA-218 CVE-2017-10913 CVE-2017-10914 * XSA-219 CVE-2017-10915 * XSA-221 CVE-2017-10917 * XSA-222 CVE-2017-10918 * XSA-224 CVE-2017-10919 * XSA-226 CVE-2017-12135 * XSA-227 CVE-2017-12137 * XSA-230 CVE-2017-12855 * XSA-235 no CVE assigned yet Bugfixes: * evtchn: don't reuse ports that are still "busy" (for XSA-221 patch) FYI, XSAs which remain outstanding because no patch is available. * XSA-223: armhf/arm64 guest-induced host crash vulnerability FYI, inapplicable XSAs, for which no patch is included: * XSA-216: Bugs are in Linux and Qemu, not Xen * XSA-220: Xen 4.4 is not vulnerable * XSA-225: Xen 4.4 is not vulnerable * XSA-228: Xen 4.4 is not vulnerable * XSA-229: Bug is in Linux, not Xen
applied/debian/jessie	2017-12-09 17:59:12 UTC 2017-12-09	Import patches-applied version 4.4.1-9+deb8u10 to applied/debian/jessie Author: Ian Jackson Author Date: 2017-09-05 17:35:04 UTC Import patches-applied version 4.4.1-9+deb8u10 to applied/debian/jessie Imported using git-ubuntu import. Changelog parent: cf98bd19cd9d3058b1642c0ce919a305013447f8 Unapplied parent: 7fc1f5bbf892220dae61f3ab60c9dc9c9bf53339 New changelog entries: Security updates, including some very important fixes: * XSA-217 CVE-2017-10912 * XSA-218 CVE-2017-10913 CVE-2017-10914 * XSA-219 CVE-2017-10915 * XSA-221 CVE-2017-10917 * XSA-222 CVE-2017-10918 * XSA-224 CVE-2017-10919 * XSA-226 CVE-2017-12135 * XSA-227 CVE-2017-12137 * XSA-230 CVE-2017-12855 * XSA-235 no CVE assigned yet Bugfixes: * evtchn: don't reuse ports that are still "busy" (for XSA-221 patch) FYI, XSAs which remain outstanding because no patch is available. * XSA-223: armhf/arm64 guest-induced host crash vulnerability FYI, inapplicable XSAs, for which no patch is included: * XSA-216: Bugs are in Linux and Qemu, not Xen * XSA-220: Xen 4.4 is not vulnerable * XSA-225: Xen 4.4 is not vulnerable * XSA-228: Xen 4.4 is not vulnerable * XSA-229: Bug is in Linux, not Xen
applied/ubuntu/zesty-security	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security Author: Stefan Bader Author Date: 2017-10-11 12:42:34 UTC Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 193ef13050adeab7e564ebd4d2c1756968fb01d0 Unapplied parent: 53a3f4797010b030243929d12dae324b2224dc63 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/zesty-updates	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security Author: Stefan Bader Author Date: 2017-10-11 12:42:34 UTC Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 9c0d1c665d31f74059d0a1f3dc8071908587108e New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/zesty-security	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security Author: Stefan Bader Author Date: 2017-10-11 12:42:34 UTC Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 9c0d1c665d31f74059d0a1f3dc8071908587108e New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/zesty-devel	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security Author: Stefan Bader Author Date: 2017-10-11 12:42:34 UTC Import patches-unapplied version 4.8.0-1ubuntu2.4 to ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 9c0d1c665d31f74059d0a1f3dc8071908587108e New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/xenial-updates	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security Author: Stefan Bader Author Date: 2017-10-11 13:41:03 UTC Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: df210c12545da79963d30a055d2c876199f1dc2c New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/xenial-security	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security Author: Stefan Bader Author Date: 2017-10-11 13:41:03 UTC Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: df210c12545da79963d30a055d2c876199f1dc2c New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/xenial-devel	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security Author: Stefan Bader Author Date: 2017-10-11 13:41:03 UTC Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: df210c12545da79963d30a055d2c876199f1dc2c New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/trusty-updates	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-sec... Author: Stefan Bader Author Date: 2017-10-11 14:26:04 UTC Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 19efe9910b56848f4ce309c251e892a857056fad New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/MSI: fix error handling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/trusty-security	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-sec... Author: Stefan Bader Author Date: 2017-10-11 14:26:04 UTC Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 19efe9910b56848f4ce309c251e892a857056fad New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/MSI: fix error handling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/trusty-devel	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-sec... Author: Stefan Bader Author Date: 2017-10-11 14:26:04 UTC Import patches-unapplied version 4.4.2-0ubuntu0.14.04.14 to ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 19efe9910b56848f4ce309c251e892a857056fad New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/MSI: fix error handling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/trusty-devel	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trus... Author: Stefan Bader Author Date: 2017-10-11 14:26:04 UTC Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 94718e2968742e95cc5d0ee9247f4251d6678cae Unapplied parent: 1e3028d9603feee6d4abb6be19b7d27f39abe467 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/MSI: fix error handling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/trusty-security	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trus... Author: Stefan Bader Author Date: 2017-10-11 14:26:04 UTC Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 94718e2968742e95cc5d0ee9247f4251d6678cae Unapplied parent: 1e3028d9603feee6d4abb6be19b7d27f39abe467 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/MSI: fix error handling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/trusty-updates	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trus... Author: Stefan Bader Author Date: 2017-10-11 14:26:04 UTC Import patches-applied version 4.4.2-0ubuntu0.14.04.14 to applied/ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 94718e2968742e95cc5d0ee9247f4251d6678cae Unapplied parent: 1e3028d9603feee6d4abb6be19b7d27f39abe467 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/MSI: fix error handling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/xenial-devel	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-secu... Author: Stefan Bader Author Date: 2017-10-11 13:41:03 UTC Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: cc7fb8a0d6c306c1df71f62ec1b8f31f87d52cca Unapplied parent: 1430dad59a508366af2b230b50e145176f70b74e New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/xenial-security	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-secu... Author: Stefan Bader Author Date: 2017-10-11 13:41:03 UTC Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: cc7fb8a0d6c306c1df71f62ec1b8f31f87d52cca Unapplied parent: 1430dad59a508366af2b230b50e145176f70b74e New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/xenial-updates	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-secu... Author: Stefan Bader Author Date: 2017-10-11 13:41:03 UTC Import patches-applied version 4.6.5-0ubuntu1.4 to applied/ubuntu/xenial-security Imported using git-ubuntu import. Changelog parent: cc7fb8a0d6c306c1df71f62ec1b8f31f87d52cca Unapplied parent: 1430dad59a508366af2b230b50e145176f70b74e New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86: Disable the use of auto-translated PV guestsx86: Disable the use of auto-translated PV guests - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/zesty-devel	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security Author: Stefan Bader Author Date: 2017-10-11 12:42:34 UTC Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 193ef13050adeab7e564ebd4d2c1756968fb01d0 Unapplied parent: 53a3f4797010b030243929d12dae324b2224dc63 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
applied/ubuntu/zesty-updates	2017-10-16 12:58:34 UTC 2017-10-16	Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security Author: Stefan Bader Author Date: 2017-10-11 12:42:34 UTC Import patches-applied version 4.8.0-1ubuntu2.4 to applied/ubuntu/zesty-security Imported using git-ubuntu import. Changelog parent: 193ef13050adeab7e564ebd4d2c1756968fb01d0 Unapplied parent: 53a3f4797010b030243929d12dae324b2224dc63 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers * Applying Xen Security Advisories: - XSA-226 / CVE-2017-12135 - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - XSA-227 / CVE-2017-12137 - x86/grant: Disallow misaligned PTEs - XSA-228 / CVE-2017-12136 - gnttab: split maptrack lock to make it fulfill its purpose again - XSA-230 / CVE-2017-12855 - gnttab: correct pin status fixup for copy
ubuntu/artful-proposed	2017-10-13 16:13:22 UTC 2017-10-13	Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed Author: Stefan Bader Author Date: 2017-10-10 09:24:52 UTC Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: d382394889922fef2ab4e96bc5bd13c1badf4e7a New changelog entries: * Applying Xen Security Advisories: - CVE-2017-12135 / XSA-226 - Revert: grant_table: Default to v1, and disallow transitive grants - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers
applied/ubuntu/artful	2017-10-13 16:13:22 UTC 2017-10-13	Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed Author: Stefan Bader Author Date: 2017-10-10 09:24:52 UTC Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: 3fd751e5b506b09bcb2a5d50360f7e73a27a9ff2 Unapplied parent: 85e4c1762feef86e4e2623801737eb1e218b27e3 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-12135 / XSA-226 - Revert: grant_table: Default to v1, and disallow transitive grants - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers
applied/ubuntu/artful-devel	2017-10-13 16:13:22 UTC 2017-10-13	Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed Author: Stefan Bader Author Date: 2017-10-10 09:24:52 UTC Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: 3fd751e5b506b09bcb2a5d50360f7e73a27a9ff2 Unapplied parent: 85e4c1762feef86e4e2623801737eb1e218b27e3 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-12135 / XSA-226 - Revert: grant_table: Default to v1, and disallow transitive grants - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers
applied/ubuntu/artful-proposed	2017-10-13 16:13:22 UTC 2017-10-13	Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed Author: Stefan Bader Author Date: 2017-10-10 09:24:52 UTC Import patches-applied version 4.9.0-0ubuntu3 to applied/ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: 3fd751e5b506b09bcb2a5d50360f7e73a27a9ff2 Unapplied parent: 85e4c1762feef86e4e2623801737eb1e218b27e3 New changelog entries: * Applying Xen Security Advisories: - CVE-2017-12135 / XSA-226 - Revert: grant_table: Default to v1, and disallow transitive grants - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers
ubuntu/artful	2017-10-13 16:13:22 UTC 2017-10-13	Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed Author: Stefan Bader Author Date: 2017-10-10 09:24:52 UTC Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: d382394889922fef2ab4e96bc5bd13c1badf4e7a New changelog entries: * Applying Xen Security Advisories: - CVE-2017-12135 / XSA-226 - Revert: grant_table: Default to v1, and disallow transitive grants - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers
ubuntu/artful-devel	2017-10-13 16:13:22 UTC 2017-10-13	Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed Author: Stefan Bader Author Date: 2017-10-10 09:24:52 UTC Import patches-unapplied version 4.9.0-0ubuntu3 to ubuntu/artful-proposed Imported using git-ubuntu import. Changelog parent: d382394889922fef2ab4e96bc5bd13c1badf4e7a New changelog entries: * Applying Xen Security Advisories: - CVE-2017-12135 / XSA-226 - Revert: grant_table: Default to v1, and disallow transitive grants - gnttab: don't use possibly unbounded tail calls - gnttab: fix transitive grant handling - CVE-2017-14316 / XSA-231 - xen/mm: make sure node is less than MAX_NUMNODES - CVE-2017-14318 / XSA-232 - grant_table: fix GNTTABOP_cache_flush handling - CVE-2017-14317 / XSA-233 - tools/xenstore: dont unlink connection object twice - CVE-2017-14319 / XSA-234 - gnttab: also validate PTE permissions upon destroy/replace - XSA-235 - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths - XSA-237 - x86: don't allow MSI pIRQ mapping on unowned device - x86: enforce proper privilege when (un)mapping pIRQ-s - x86/MSI: disallow redundant enabling - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths - x86/FLASK: fix unmap-domain-IRQ XSM hook - XSA-238 - x86/ioreq server: correctly handle bogus XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments - XSA-239 - x86/HVM: prefill partially used variable on emulation paths - XSA-240 - x86: limit linear page table use to a single level - x86/mm: Disable PV linear pagetables by default - XSA-241 - x86: don't store possibly stale TLB flush time stamp - XSA-242 - x86: don't allow page_unlock() to drop the last type reference - XSA-243 - x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests - XSA-244 - x86/cpu: Fix IST handling during PCPU bringup - XSA-245 - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn - xen/arm: Correctly report the memory region in the dummy NUMA helpers
applied/ubuntu/yakkety-devel	2017-07-18 12:49:02 UTC 2017-07-18	Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-sec... Author: Stefan Bader Author Date: 2017-07-03 14:12:19 UTC Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: f5c37a764c0b46ecc017c684e05d9011d276f42c Unapplied parent: bd13e44d0cdfc4dfcf5fe8a770b084b60302bb5c New changelog entries: * Applying Xen Security Advisories: - XSA-217 - x86/mm: disallow page stealing from HVM domains - XSA-218 - IOMMU: handle IOMMU mapping and unmapping failures - gnttab: fix unmap pin accounting race - gnttab: Avoid potential double-put of maptrack entry - gnttab: correct maptrack table accesses - XSA-219 - 86/shadow: Hold references for the duration of emulated writes - XSA-220 - x86: avoid leaking PKRU and BND* between vCPU-s - XSA-221 - evtchn: avoid NULL derefs - XSA-222 - xen/memory: Fix return value handing of guest_remove_page() - guest_physmap_remove_page() needs its return value checked - XSA-223 - arm: vgic: Don't update the LR when the IRQ is not enabled - XSA-224 - gnttab: Fix handling of dev_bus_addr during unmap - gnttab: never create host mapping unless asked to - gnttab: correct logic to get page references during map requests - gnttab: __gnttab_unmap_common_complete() is all-or-nothing - XSA-225 - xen/arm: vgic: Sanitize target mask used to send SGI
applied/ubuntu/yakkety-security	2017-07-18 12:49:02 UTC 2017-07-18	Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-sec... Author: Stefan Bader Author Date: 2017-07-03 14:12:19 UTC Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: f5c37a764c0b46ecc017c684e05d9011d276f42c Unapplied parent: bd13e44d0cdfc4dfcf5fe8a770b084b60302bb5c New changelog entries: * Applying Xen Security Advisories: - XSA-217 - x86/mm: disallow page stealing from HVM domains - XSA-218 - IOMMU: handle IOMMU mapping and unmapping failures - gnttab: fix unmap pin accounting race - gnttab: Avoid potential double-put of maptrack entry - gnttab: correct maptrack table accesses - XSA-219 - 86/shadow: Hold references for the duration of emulated writes - XSA-220 - x86: avoid leaking PKRU and BND* between vCPU-s - XSA-221 - evtchn: avoid NULL derefs - XSA-222 - xen/memory: Fix return value handing of guest_remove_page() - guest_physmap_remove_page() needs its return value checked - XSA-223 - arm: vgic: Don't update the LR when the IRQ is not enabled - XSA-224 - gnttab: Fix handling of dev_bus_addr during unmap - gnttab: never create host mapping unless asked to - gnttab: correct logic to get page references during map requests - gnttab: __gnttab_unmap_common_complete() is all-or-nothing - XSA-225 - xen/arm: vgic: Sanitize target mask used to send SGI
ubuntu/yakkety-devel	2017-07-18 12:49:02 UTC 2017-07-18	Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security Author: Stefan Bader Author Date: 2017-07-03 14:12:19 UTC Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: 9454f2ff54378590226b054413fa6bbbf4299898 New changelog entries: * Applying Xen Security Advisories: - XSA-217 - x86/mm: disallow page stealing from HVM domains - XSA-218 - IOMMU: handle IOMMU mapping and unmapping failures - gnttab: fix unmap pin accounting race - gnttab: Avoid potential double-put of maptrack entry - gnttab: correct maptrack table accesses - XSA-219 - 86/shadow: Hold references for the duration of emulated writes - XSA-220 - x86: avoid leaking PKRU and BND* between vCPU-s - XSA-221 - evtchn: avoid NULL derefs - XSA-222 - xen/memory: Fix return value handing of guest_remove_page() - guest_physmap_remove_page() needs its return value checked - XSA-223 - arm: vgic: Don't update the LR when the IRQ is not enabled - XSA-224 - gnttab: Fix handling of dev_bus_addr during unmap - gnttab: never create host mapping unless asked to - gnttab: correct logic to get page references during map requests - gnttab: __gnttab_unmap_common_complete() is all-or-nothing - XSA-225 - xen/arm: vgic: Sanitize target mask used to send SGI
ubuntu/yakkety-security	2017-07-18 12:49:02 UTC 2017-07-18	Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security Author: Stefan Bader Author Date: 2017-07-03 14:12:19 UTC Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: 9454f2ff54378590226b054413fa6bbbf4299898 New changelog entries: * Applying Xen Security Advisories: - XSA-217 - x86/mm: disallow page stealing from HVM domains - XSA-218 - IOMMU: handle IOMMU mapping and unmapping failures - gnttab: fix unmap pin accounting race - gnttab: Avoid potential double-put of maptrack entry - gnttab: correct maptrack table accesses - XSA-219 - 86/shadow: Hold references for the duration of emulated writes - XSA-220 - x86: avoid leaking PKRU and BND* between vCPU-s - XSA-221 - evtchn: avoid NULL derefs - XSA-222 - xen/memory: Fix return value handing of guest_remove_page() - guest_physmap_remove_page() needs its return value checked - XSA-223 - arm: vgic: Don't update the LR when the IRQ is not enabled - XSA-224 - gnttab: Fix handling of dev_bus_addr during unmap - gnttab: never create host mapping unless asked to - gnttab: correct logic to get page references during map requests - gnttab: __gnttab_unmap_common_complete() is all-or-nothing - XSA-225 - xen/arm: vgic: Sanitize target mask used to send SGI
ubuntu/yakkety-updates	2017-07-18 12:49:02 UTC 2017-07-18	Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security Author: Stefan Bader Author Date: 2017-07-03 14:12:19 UTC Import patches-unapplied version 4.7.2-0ubuntu1.3 to ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: 9454f2ff54378590226b054413fa6bbbf4299898 New changelog entries: * Applying Xen Security Advisories: - XSA-217 - x86/mm: disallow page stealing from HVM domains - XSA-218 - IOMMU: handle IOMMU mapping and unmapping failures - gnttab: fix unmap pin accounting race - gnttab: Avoid potential double-put of maptrack entry - gnttab: correct maptrack table accesses - XSA-219 - 86/shadow: Hold references for the duration of emulated writes - XSA-220 - x86: avoid leaking PKRU and BND* between vCPU-s - XSA-221 - evtchn: avoid NULL derefs - XSA-222 - xen/memory: Fix return value handing of guest_remove_page() - guest_physmap_remove_page() needs its return value checked - XSA-223 - arm: vgic: Don't update the LR when the IRQ is not enabled - XSA-224 - gnttab: Fix handling of dev_bus_addr during unmap - gnttab: never create host mapping unless asked to - gnttab: correct logic to get page references during map requests - gnttab: __gnttab_unmap_common_complete() is all-or-nothing - XSA-225 - xen/arm: vgic: Sanitize target mask used to send SGI
applied/ubuntu/yakkety-updates	2017-07-18 12:49:02 UTC 2017-07-18	Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-sec... Author: Stefan Bader Author Date: 2017-07-03 14:12:19 UTC Import patches-applied version 4.7.2-0ubuntu1.3 to applied/ubuntu/yakkety-security Imported using git-ubuntu import. Changelog parent: f5c37a764c0b46ecc017c684e05d9011d276f42c Unapplied parent: bd13e44d0cdfc4dfcf5fe8a770b084b60302bb5c New changelog entries: * Applying Xen Security Advisories: - XSA-217 - x86/mm: disallow page stealing from HVM domains - XSA-218 - IOMMU: handle IOMMU mapping and unmapping failures - gnttab: fix unmap pin accounting race - gnttab: Avoid potential double-put of maptrack entry - gnttab: correct maptrack table accesses - XSA-219 - 86/shadow: Hold references for the duration of emulated writes - XSA-220 - x86: avoid leaking PKRU and BND* between vCPU-s - XSA-221 - evtchn: avoid NULL derefs - XSA-222 - xen/memory: Fix return value handing of guest_remove_page() - guest_physmap_remove_page() needs its return value checked - XSA-223 - arm: vgic: Don't update the LR when the IRQ is not enabled - XSA-224 - gnttab: Fix handling of dev_bus_addr during unmap - gnttab: never create host mapping unless asked to - gnttab: correct logic to get page references during map requests - gnttab: __gnttab_unmap_common_complete() is all-or-nothing - XSA-225 - xen/arm: vgic: Sanitize target mask used to send SGI
applied/ubuntu/trusty-proposed	2017-03-16 18:48:46 UTC 2017-03-16	Import patches-applied version 4.4.2-0ubuntu0.14.04.10 to applied/ubuntu/trus... Author: Stefan Bader Author Date: 2017-03-14 10:17:48 UTC Import patches-applied version 4.4.2-0ubuntu0.14.04.10 to applied/ubuntu/trusty-proposed Imported using git-ubuntu import. Changelog parent: 8cacf365bac19f5450b8b12207ed46e902476d13 Unapplied parent: 8070aef6fbe07ff94defb1c80cbb9d6a7eb1bd59 New changelog entries: * Backport upstream change to fix TSC_ADJUST MSR handling in HVM guests running on Intel based hosts (LP: #1671760)
ubuntu/trusty-proposed	2017-03-16 18:48:46 UTC 2017-03-16	Import patches-unapplied version 4.4.2-0ubuntu0.14.04.10 to ubuntu/trusty-pro... Author: Stefan Bader Author Date: 2017-03-14 10:17:48 UTC Import patches-unapplied version 4.4.2-0ubuntu0.14.04.10 to ubuntu/trusty-proposed Imported using git-ubuntu import. Changelog parent: 6b7754924f372d11d29c1fd7dba1fd94e3385d32 New changelog entries: * Backport upstream change to fix TSC_ADJUST MSR handling in HVM guests running on Intel based hosts (LP: #1671760)
ubuntu/xenial-proposed	2017-03-16 18:18:27 UTC 2017-03-16	Import patches-unapplied version 4.6.5-0ubuntu1 to ubuntu/xenial-proposed Author: Stefan Bader Author Date: 2017-03-14 15:08:39 UTC Import patches-unapplied version 4.6.5-0ubuntu1 to ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: d64bb210dd9e23bc1dfe6b428b581a9c136fd8fc New changelog entries: * Rebasing to upstream stable release 4.6.5 (LP: #1671864) https://www.xenproject.org/downloads/xen-archives/xen-46-series.html - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel hosts which support the TSC_ADJUST MSR (LP: #1671760) - Additional security relevant changes: * CVE-2013-2076 / XSA-052 (update) - Information leak on XSAVE/XRSTOR capable AMD CPUs * CVE-2016-7093 / XSA-186 (4.6.3 became vulnerable) - x86: Mishandling of instruction pointer truncation during emulation * XSA-207 - memory leak when destroying guest without PT devices - Replacing the following security fixes with the versions from the stable update: * CVE-2015-7812 / XSA-145 - arm: Host crash when preempting a multicall * CVE-2015-7813 / XSA-146 - arm: various unimplemented hypercalls log without rate limiting * CVE-2015-7814 / XSA-147 - arm: Race between domain destruction and memory allocation decrease * CVE-2015-7835 / XSA-148 - x86: Uncontrolled creation of large page mappings by PV guests * CVE-2015-7969 / XSA-149, XSA-151 - leak of main per-domain vcpu pointer array - x86: leak of per-domain profiling-related vcpu pointer array * CVE-2015-7970 / XSA-150 - x86: Long latency populate-on-demand operation is not preemptible * CVE-2015-7971 / XSA-152 - x86: some pmu and profiling hypercalls log without rate limiting * CVE-2015-7972 / XSA-153 - x86: populate-on-demand balloon size inaccuracy can crash guests * CVE-2016-2270 / XSA-154 - x86: inconsistent cachability flags on guest mappings * CVE-2015-8550 / XSA-155 - paravirtualized drivers incautious about shared memory contents * CVE-2015-5307, CVE-2015-8104 / XSA-156 - x86: CPU lockup during exception delivery * CVE-2015-8338 / XSA-158 - long running memory operations on ARM * CVE-2015-8339, CVE-2015-8340 / XSA-159 XENMEM_exchange error handling issues * CVE-2015-8341 / XSA-160 - libxl leak of pv kernel and initrd on error * CVE-2015-8555 / XSA-165 - information leak in legacy x86 FPU/XMM initialization * XSA-166 - ioreq handling possibly susceptible to multiple read issue * CVE-2016-1570 / XSA-167 - PV superpage functionality missing sanity checks * CVE-2016-1571 / XSA-168 - VMX: intercept issue with INVLPG on non-canonical address * CVE-2015-8615 / XSA-169 - x86: unintentional logging upon guest changing callback method * CVE-2016-2271 / XSA-170 - VMX: guest user mode may crash guest with non-canonical RIP * CVE-2016-3158, CVE-2016-3159 / XSA-172 - broken AMD FPU FIP/FDP/FOP leak workaround * CVE-2016-3960 / XSA-173 - x86 shadow pagetables: address width overflow * CVE-2016-4962 / XSA-175 - Unsanitised guest input in libxl device handling code * CVE-2016-4480 / XSA-176 - x86 software guest page walk PS bit handling flaw * CVE-2016-4963 / XSA-178 - Unsanitised driver domain input in libxl device handling * CVE-2016-5242 / XSA-181 - arm: Host crash caused by VMID exhaustion * CVE-2016-6258 / XSA-182 - x86: Privilege escalation in PV guests * CVE-2016-6259 / XSA-183 - x86: Missing SMAP whitelisting in 32-bit exception / event delivery * CVE-2016-7092 / XSA-185 - x86: Disallow L3 recursive pagetable for 32-bit PV guests * CVE-2016-7094 / XSA-187 - x86 HVM: Overflow of sh_ctxt->seg_reg[] * CVE-2016-7777 / XSA-190 - CR0.TS and CR0.EM not always honored for x86 HVM guests * CVE-2016-9386 / XSA-191 - x86 null segments not always treated as unusable * CVE-2016-9382 / XSA-192 - x86 task switch to VM86 mode mis-handled * CVE-2016-9385 / XSA-193 - x86 segment base write emulation lacking canonical address checks * CVE-2016-9383 / XSA-195 - x86 64-bit bit test instruction emulation broken * CVE-2016-9377, CVE-2016-9378 / XSA-196 - x86 software interrupt injection mis-handled * CVE-2016-9379, CVE-2016-9380 / XSA-198 - delimiter injection vulnerabilities in pygrub * CVE-2016-9932 / XSA-200 - x86 CMPXCHG8B emulation fails to ignore operand size override * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201 - ARM guests may induce host asynchronous abort * CVE-2016-10024 / XSA-202 - x86 PV guests may be able to mask interrupts * CVE-2016-10025 / XSA-203 - x86: missing NULL pointer check in VMFUNC emulation * CVE-2016-10013 / XSA-204 - x86: Mishandling of SYSCALL singlestep during emulation
applied/ubuntu/xenial-proposed	2017-03-16 18:18:27 UTC 2017-03-16	Import patches-applied version 4.6.5-0ubuntu1 to applied/ubuntu/xenial-proposed Author: Stefan Bader Author Date: 2017-03-14 15:08:39 UTC Import patches-applied version 4.6.5-0ubuntu1 to applied/ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: 2cc042e72e8c483233075ed890af1c5a59be6e92 Unapplied parent: 367437ff4b1375f7731c3938a7eb90f42695bd04 New changelog entries: * Rebasing to upstream stable release 4.6.5 (LP: #1671864) https://www.xenproject.org/downloads/xen-archives/xen-46-series.html - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel hosts which support the TSC_ADJUST MSR (LP: #1671760) - Additional security relevant changes: * CVE-2013-2076 / XSA-052 (update) - Information leak on XSAVE/XRSTOR capable AMD CPUs * CVE-2016-7093 / XSA-186 (4.6.3 became vulnerable) - x86: Mishandling of instruction pointer truncation during emulation * XSA-207 - memory leak when destroying guest without PT devices - Replacing the following security fixes with the versions from the stable update: * CVE-2015-7812 / XSA-145 - arm: Host crash when preempting a multicall * CVE-2015-7813 / XSA-146 - arm: various unimplemented hypercalls log without rate limiting * CVE-2015-7814 / XSA-147 - arm: Race between domain destruction and memory allocation decrease * CVE-2015-7835 / XSA-148 - x86: Uncontrolled creation of large page mappings by PV guests * CVE-2015-7969 / XSA-149, XSA-151 - leak of main per-domain vcpu pointer array - x86: leak of per-domain profiling-related vcpu pointer array * CVE-2015-7970 / XSA-150 - x86: Long latency populate-on-demand operation is not preemptible * CVE-2015-7971 / XSA-152 - x86: some pmu and profiling hypercalls log without rate limiting * CVE-2015-7972 / XSA-153 - x86: populate-on-demand balloon size inaccuracy can crash guests * CVE-2016-2270 / XSA-154 - x86: inconsistent cachability flags on guest mappings * CVE-2015-8550 / XSA-155 - paravirtualized drivers incautious about shared memory contents * CVE-2015-5307, CVE-2015-8104 / XSA-156 - x86: CPU lockup during exception delivery * CVE-2015-8338 / XSA-158 - long running memory operations on ARM * CVE-2015-8339, CVE-2015-8340 / XSA-159 XENMEM_exchange error handling issues * CVE-2015-8341 / XSA-160 - libxl leak of pv kernel and initrd on error * CVE-2015-8555 / XSA-165 - information leak in legacy x86 FPU/XMM initialization * XSA-166 - ioreq handling possibly susceptible to multiple read issue * CVE-2016-1570 / XSA-167 - PV superpage functionality missing sanity checks * CVE-2016-1571 / XSA-168 - VMX: intercept issue with INVLPG on non-canonical address * CVE-2015-8615 / XSA-169 - x86: unintentional logging upon guest changing callback method * CVE-2016-2271 / XSA-170 - VMX: guest user mode may crash guest with non-canonical RIP * CVE-2016-3158, CVE-2016-3159 / XSA-172 - broken AMD FPU FIP/FDP/FOP leak workaround * CVE-2016-3960 / XSA-173 - x86 shadow pagetables: address width overflow * CVE-2016-4962 / XSA-175 - Unsanitised guest input in libxl device handling code * CVE-2016-4480 / XSA-176 - x86 software guest page walk PS bit handling flaw * CVE-2016-4963 / XSA-178 - Unsanitised driver domain input in libxl device handling * CVE-2016-5242 / XSA-181 - arm: Host crash caused by VMID exhaustion * CVE-2016-6258 / XSA-182 - x86: Privilege escalation in PV guests * CVE-2016-6259 / XSA-183 - x86: Missing SMAP whitelisting in 32-bit exception / event delivery * CVE-2016-7092 / XSA-185 - x86: Disallow L3 recursive pagetable for 32-bit PV guests * CVE-2016-7094 / XSA-187 - x86 HVM: Overflow of sh_ctxt->seg_reg[] * CVE-2016-7777 / XSA-190 - CR0.TS and CR0.EM not always honored for x86 HVM guests * CVE-2016-9386 / XSA-191 - x86 null segments not always treated as unusable * CVE-2016-9382 / XSA-192 - x86 task switch to VM86 mode mis-handled * CVE-2016-9385 / XSA-193 - x86 segment base write emulation lacking canonical address checks * CVE-2016-9383 / XSA-195 - x86 64-bit bit test instruction emulation broken * CVE-2016-9377, CVE-2016-9378 / XSA-196 - x86 software interrupt injection mis-handled * CVE-2016-9379, CVE-2016-9380 / XSA-198 - delimiter injection vulnerabilities in pygrub * CVE-2016-9932 / XSA-200 - x86 CMPXCHG8B emulation fails to ignore operand size override * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201 - ARM guests may induce host asynchronous abort * CVE-2016-10024 / XSA-202 - x86 PV guests may be able to mask interrupts * CVE-2016-10025 / XSA-203 - x86: missing NULL pointer check in VMFUNC emulation * CVE-2016-10013 / XSA-204 - x86: Mishandling of SYSCALL singlestep during emulation
applied/ubuntu/yakkety-proposed	2017-03-16 17:33:29 UTC 2017-03-16	Import patches-applied version 4.7.2-0ubuntu1 to applied/ubuntu/yakkety-proposed Author: Stefan Bader Author Date: 2017-03-14 14:45:59 UTC Import patches-applied version 4.7.2-0ubuntu1 to applied/ubuntu/yakkety-proposed Imported using git-ubuntu import. Changelog parent: c508d12e06d00292ed54021f6757798f0e2dd5ab Unapplied parent: be280a22c943a35ea6f83df7bd7af170e7a91a27 New changelog entries: * Rebasing to upstream stable release 4.7.2 (LP: #1672767) https://www.xenproject.org/downloads/xen-archives/xen-47-series.html - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel hosts which support the TSC_ADJUST MSR (LP: #1671760) - Dropping: d/p/preup-tools-fix-linear-p2m-save.patch which is part of the stable update. - Additional security relevant changes: * XSA-207 - memory leak when destroying guest without PT devices - Replacing the following security fixes with the versions from the stable update: * CVE-2016-6258 / XSA-182 - x86: Privilege escalation in PV guests * CVE-2016-6259 / XSA-183 - x86: Missing SMAP whitelisting in 32-bit exception / event delivery * CVE-2016-7092 / XSA-185 - x86: Disallow L3 recursive pagetable for 32-bit PV guests * CVE-2016-7093 / XSA-186 - x86: Mishandling of instruction pointer truncation during emulation * CVE-2016-7094 / XSA-187 - x86 HVM: Overflow of sh_ctxt->seg_reg[] * CVE-2016-7777 / XSA-190 - CR0.TS and CR0.EM not always honored for x86 HVM guests * CVE-2016-9386 / XSA-191 - x86 null segments not always treated as unusable * CVE-2016-9382 / XSA-192 - x86 task switch to VM86 mode mis-handled * CVE-2016-9385 / XSA-193 - x86 segment base write emulation lacking canonical address checks * CVE-2016-9384 / XSA-194 - guest 32-bit ELF symbol table load leaking host data * CVE-2016-9383 / XSA-195 - x86 64-bit bit test instruction emulation broken * CVE-2016-9377, CVE-2016-9378 / XSA-196 - x86 software interrupt injection mis-handled * CVE-2016-9379, CVE-2016-9380 / XSA-198 - delimiter injection vulnerabilities in pygrub * CVE-2016-9932 / XSA-200 - x86 CMPXCHG8B emulation fails to ignore operand size override * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201 - ARM guests may induce host asynchronous abort * CVE-2016-10024 / XSA-202 - x86 PV guests may be able to mask interrupts * CVE-2016-10025 / XSA-203 - x86: missing NULL pointer check in VMFUNC emulation * CVE-2016-10013 / XSA-204 - x86: Mishandling of SYSCALL singlestep during emulation * Copy contents of debian/build/install-utils_$(ARCH)/usr/sbin into debian/build/install-utils_$ARCH/usr/lib/xen-$(VERSION) (LP: #1396670).
ubuntu/yakkety-proposed	2017-03-16 17:33:29 UTC 2017-03-16	Import patches-unapplied version 4.7.2-0ubuntu1 to ubuntu/yakkety-proposed Author: Stefan Bader Author Date: 2017-03-14 14:45:59 UTC Import patches-unapplied version 4.7.2-0ubuntu1 to ubuntu/yakkety-proposed Imported using git-ubuntu import. Changelog parent: 126a81c2b52f8c74aa7420613ed4ce178521de60 New changelog entries: * Rebasing to upstream stable release 4.7.2 (LP: #1672767) https://www.xenproject.org/downloads/xen-archives/xen-47-series.html - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel hosts which support the TSC_ADJUST MSR (LP: #1671760) - Dropping: d/p/preup-tools-fix-linear-p2m-save.patch which is part of the stable update. - Additional security relevant changes: * XSA-207 - memory leak when destroying guest without PT devices - Replacing the following security fixes with the versions from the stable update: * CVE-2016-6258 / XSA-182 - x86: Privilege escalation in PV guests * CVE-2016-6259 / XSA-183 - x86: Missing SMAP whitelisting in 32-bit exception / event delivery * CVE-2016-7092 / XSA-185 - x86: Disallow L3 recursive pagetable for 32-bit PV guests * CVE-2016-7093 / XSA-186 - x86: Mishandling of instruction pointer truncation during emulation * CVE-2016-7094 / XSA-187 - x86 HVM: Overflow of sh_ctxt->seg_reg[] * CVE-2016-7777 / XSA-190 - CR0.TS and CR0.EM not always honored for x86 HVM guests * CVE-2016-9386 / XSA-191 - x86 null segments not always treated as unusable * CVE-2016-9382 / XSA-192 - x86 task switch to VM86 mode mis-handled * CVE-2016-9385 / XSA-193 - x86 segment base write emulation lacking canonical address checks * CVE-2016-9384 / XSA-194 - guest 32-bit ELF symbol table load leaking host data * CVE-2016-9383 / XSA-195 - x86 64-bit bit test instruction emulation broken * CVE-2016-9377, CVE-2016-9378 / XSA-196 - x86 software interrupt injection mis-handled * CVE-2016-9379, CVE-2016-9380 / XSA-198 - delimiter injection vulnerabilities in pygrub * CVE-2016-9932 / XSA-200 - x86 CMPXCHG8B emulation fails to ignore operand size override * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201 - ARM guests may induce host asynchronous abort * CVE-2016-10024 / XSA-202 - x86 PV guests may be able to mask interrupts * CVE-2016-10025 / XSA-203 - x86: missing NULL pointer check in VMFUNC emulation * CVE-2016-10013 / XSA-204 - x86: Mishandling of SYSCALL singlestep during emulation * Copy contents of debian/build/install-utils_$(ARCH)/usr/sbin into debian/build/install-utils_$ARCH/usr/lib/xen-$(VERSION) (LP: #1396670).
applied/ubuntu/zesty-proposed	2017-03-15 15:13:21 UTC 2017-03-15	Import patches-applied version 4.8.0-1ubuntu2 to applied/ubuntu/zesty-proposed Author: Stefan Bader Author Date: 2017-03-14 08:27:04 UTC Import patches-applied version 4.8.0-1ubuntu2 to applied/ubuntu/zesty-proposed Imported using git-ubuntu import. Changelog parent: 69554fc7a14e4bb7db9f8d92a56f9c3dcaf2857b Unapplied parent: 70e75f8d27fd75e0ca1c47bcc9a43c9157afd792 New changelog entries: * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM guests running on Intel based hosts (LP: #1671760)
ubuntu/zesty-proposed	2017-03-15 15:13:21 UTC 2017-03-15	Import patches-unapplied version 4.8.0-1ubuntu2 to ubuntu/zesty-proposed Author: Stefan Bader Author Date: 2017-03-14 08:27:04 UTC Import patches-unapplied version 4.8.0-1ubuntu2 to ubuntu/zesty-proposed Imported using git-ubuntu import. Changelog parent: 83ccf175472aac65d990ae0e1e7b2bd00b4af464 New changelog entries: * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM guests running on Intel based hosts (LP: #1671760)
ubuntu/zesty	2017-03-15 15:13:21 UTC 2017-03-15	Import patches-unapplied version 4.8.0-1ubuntu2 to ubuntu/zesty-proposed Author: Stefan Bader Author Date: 2017-03-14 08:27:04 UTC Import patches-unapplied version 4.8.0-1ubuntu2 to ubuntu/zesty-proposed Imported using git-ubuntu import. Changelog parent: 83ccf175472aac65d990ae0e1e7b2bd00b4af464 New changelog entries: * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM guests running on Intel based hosts (LP: #1671760)
applied/ubuntu/zesty	2017-03-15 15:13:21 UTC 2017-03-15	Import patches-applied version 4.8.0-1ubuntu2 to applied/ubuntu/zesty-proposed Author: Stefan Bader Author Date: 2017-03-14 08:27:04 UTC Import patches-applied version 4.8.0-1ubuntu2 to applied/ubuntu/zesty-proposed Imported using git-ubuntu import. Changelog parent: 69554fc7a14e4bb7db9f8d92a56f9c3dcaf2857b Unapplied parent: 70e75f8d27fd75e0ca1c47bcc9a43c9157afd792 New changelog entries: * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM guests running on Intel based hosts (LP: #1671760)
applied/ubuntu/precise-updates	2017-01-12 18:43:32 UTC 2017-01-12	Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/pr... Author: Stefan Bader Author Date: 2017-01-11 10:44:28 UTC Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: 4672c400ae6bdc368376749f143af7682a23d4b3 Unapplied parent: 83bed17cd07bde9fa8f1762f3b614545501b84c0 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-9386 / XSA-191 * x86/hvm: Fix the handling of non-present segments - CVE-2016-9382 / XSA-192 * x86/HVM: don't load LDTR with VM86 mode attrs during task switch - CVE-2016-9383 / XSA-195 * x86emul: fix huge bit offset handling - CVE-2016-9381 / XSA-197 * xen: fix ioreq handling - CVE-2016-9379, CVE-2016-9380 / XSA-198 * pygrub: Properly quote results, when returning them to the caller - CVE-2016-9637 / XSA-199 * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses - CVE-2016-9932 / XSA-200 * x86/emulator: add feature checks for newer instructions * x86emul: CMPXCHG8B ignores operand size prefix - CVE-2016-10024 / XSA-202 * x86: use MOV instead of PUSH/POP when saving/restoring register state * x86: force EFLAGS.IF on when exiting to PV guests - CVE-2016-10013 / XSA-204 * x86/emul: Correct the handling of eflags with SYSCALL
ubuntu/precise-devel	2017-01-12 18:43:32 UTC 2017-01-12	Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-... Author: Stefan Bader Author Date: 2017-01-11 10:44:28 UTC Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: ec321d1049f17c8f3051ba766f11675aca0e50f2 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-9386 / XSA-191 * x86/hvm: Fix the handling of non-present segments - CVE-2016-9382 / XSA-192 * x86/HVM: don't load LDTR with VM86 mode attrs during task switch - CVE-2016-9383 / XSA-195 * x86emul: fix huge bit offset handling - CVE-2016-9381 / XSA-197 * xen: fix ioreq handling - CVE-2016-9379, CVE-2016-9380 / XSA-198 * pygrub: Properly quote results, when returning them to the caller - CVE-2016-9637 / XSA-199 * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses - CVE-2016-9932 / XSA-200 * x86/emulator: add feature checks for newer instructions * x86emul: CMPXCHG8B ignores operand size prefix - CVE-2016-10024 / XSA-202 * x86: use MOV instead of PUSH/POP when saving/restoring register state * x86: force EFLAGS.IF on when exiting to PV guests - CVE-2016-10013 / XSA-204 * x86/emul: Correct the handling of eflags with SYSCALL
applied/ubuntu/precise-devel	2017-01-12 18:43:32 UTC 2017-01-12	Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/pr... Author: Stefan Bader Author Date: 2017-01-11 10:44:28 UTC Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: 4672c400ae6bdc368376749f143af7682a23d4b3 Unapplied parent: 83bed17cd07bde9fa8f1762f3b614545501b84c0 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-9386 / XSA-191 * x86/hvm: Fix the handling of non-present segments - CVE-2016-9382 / XSA-192 * x86/HVM: don't load LDTR with VM86 mode attrs during task switch - CVE-2016-9383 / XSA-195 * x86emul: fix huge bit offset handling - CVE-2016-9381 / XSA-197 * xen: fix ioreq handling - CVE-2016-9379, CVE-2016-9380 / XSA-198 * pygrub: Properly quote results, when returning them to the caller - CVE-2016-9637 / XSA-199 * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses - CVE-2016-9932 / XSA-200 * x86/emulator: add feature checks for newer instructions * x86emul: CMPXCHG8B ignores operand size prefix - CVE-2016-10024 / XSA-202 * x86: use MOV instead of PUSH/POP when saving/restoring register state * x86: force EFLAGS.IF on when exiting to PV guests - CVE-2016-10013 / XSA-204 * x86/emul: Correct the handling of eflags with SYSCALL
ubuntu/precise-security	2017-01-12 18:43:32 UTC 2017-01-12	Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-... Author: Stefan Bader Author Date: 2017-01-11 10:44:28 UTC Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: ec321d1049f17c8f3051ba766f11675aca0e50f2 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-9386 / XSA-191 * x86/hvm: Fix the handling of non-present segments - CVE-2016-9382 / XSA-192 * x86/HVM: don't load LDTR with VM86 mode attrs during task switch - CVE-2016-9383 / XSA-195 * x86emul: fix huge bit offset handling - CVE-2016-9381 / XSA-197 * xen: fix ioreq handling - CVE-2016-9379, CVE-2016-9380 / XSA-198 * pygrub: Properly quote results, when returning them to the caller - CVE-2016-9637 / XSA-199 * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses - CVE-2016-9932 / XSA-200 * x86/emulator: add feature checks for newer instructions * x86emul: CMPXCHG8B ignores operand size prefix - CVE-2016-10024 / XSA-202 * x86: use MOV instead of PUSH/POP when saving/restoring register state * x86: force EFLAGS.IF on when exiting to PV guests - CVE-2016-10013 / XSA-204 * x86/emul: Correct the handling of eflags with SYSCALL
applied/ubuntu/precise-security	2017-01-12 18:43:32 UTC 2017-01-12	Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/pr... Author: Stefan Bader Author Date: 2017-01-11 10:44:28 UTC Import patches-applied version 4.1.6.1-0ubuntu0.12.04.13 to applied/ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: 4672c400ae6bdc368376749f143af7682a23d4b3 Unapplied parent: 83bed17cd07bde9fa8f1762f3b614545501b84c0 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-9386 / XSA-191 * x86/hvm: Fix the handling of non-present segments - CVE-2016-9382 / XSA-192 * x86/HVM: don't load LDTR with VM86 mode attrs during task switch - CVE-2016-9383 / XSA-195 * x86emul: fix huge bit offset handling - CVE-2016-9381 / XSA-197 * xen: fix ioreq handling - CVE-2016-9379, CVE-2016-9380 / XSA-198 * pygrub: Properly quote results, when returning them to the caller - CVE-2016-9637 / XSA-199 * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses - CVE-2016-9932 / XSA-200 * x86/emulator: add feature checks for newer instructions * x86emul: CMPXCHG8B ignores operand size prefix - CVE-2016-10024 / XSA-202 * x86: use MOV instead of PUSH/POP when saving/restoring register state * x86: force EFLAGS.IF on when exiting to PV guests - CVE-2016-10013 / XSA-204 * x86/emul: Correct the handling of eflags with SYSCALL
ubuntu/precise-updates	2017-01-12 18:43:32 UTC 2017-01-12	Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-... Author: Stefan Bader Author Date: 2017-01-11 10:44:28 UTC Import patches-unapplied version 4.1.6.1-0ubuntu0.12.04.13 to ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: ec321d1049f17c8f3051ba766f11675aca0e50f2 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-9386 / XSA-191 * x86/hvm: Fix the handling of non-present segments - CVE-2016-9382 / XSA-192 * x86/HVM: don't load LDTR with VM86 mode attrs during task switch - CVE-2016-9383 / XSA-195 * x86emul: fix huge bit offset handling - CVE-2016-9381 / XSA-197 * xen: fix ioreq handling - CVE-2016-9379, CVE-2016-9380 / XSA-198 * pygrub: Properly quote results, when returning them to the caller - CVE-2016-9637 / XSA-199 * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses - CVE-2016-9932 / XSA-200 * x86/emulator: add feature checks for newer instructions * x86emul: CMPXCHG8B ignores operand size prefix - CVE-2016-10024 / XSA-202 * x86: use MOV instead of PUSH/POP when saving/restoring register state * x86: force EFLAGS.IF on when exiting to PV guests - CVE-2016-10013 / XSA-204 * x86/emul: Correct the handling of eflags with SYSCALL
ubuntu/yakkety	2016-10-07 19:39:08 UTC 2016-10-07	Import patches-unapplied version 4.7.0-0ubuntu2 to ubuntu/yakkety-proposed Author: Stefan Bader Author Date: 2016-10-06 13:24:46 UTC Import patches-unapplied version 4.7.0-0ubuntu2 to ubuntu/yakkety-proposed Imported using git-ubuntu import. Changelog parent: 048003ad474e3ea4f2460cf9a76e0c04b5f90d48 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-6258 / XSA-182 * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath - CVE-2016-6259 / XSA-183 * x86/entry: Avoid SMAP violation in compat_create_bounce_frame() - CVE-2016-7092 / XSA-185 * x86/32on64: don't allow recursive page tables from L3 - CVE-2016-7093 / XSA-186 * x86/emulate: Correct boundary interactions of emulated instructions * hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary - CVE-2016-7094 / XSA-187 * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[] * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[] - CVE-2016-7777 / XSA-190 * x86emul: honor guest CR0.TS and CR0.EM
applied/ubuntu/yakkety	2016-10-07 19:39:08 UTC 2016-10-07	Import patches-applied version 4.7.0-0ubuntu2 to applied/ubuntu/yakkety-proposed Author: Stefan Bader Author Date: 2016-10-06 13:24:46 UTC Import patches-applied version 4.7.0-0ubuntu2 to applied/ubuntu/yakkety-proposed Imported using git-ubuntu import. Changelog parent: e5deb9b98695b08fa5277bf983940a416ef8a031 Unapplied parent: 8063ee741f3b53752d06ef4213c1ae8014db1af1 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-6258 / XSA-182 * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath - CVE-2016-6259 / XSA-183 * x86/entry: Avoid SMAP violation in compat_create_bounce_frame() - CVE-2016-7092 / XSA-185 * x86/32on64: don't allow recursive page tables from L3 - CVE-2016-7093 / XSA-186 * x86/emulate: Correct boundary interactions of emulated instructions * hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary - CVE-2016-7094 / XSA-187 * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[] * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[] - CVE-2016-7777 / XSA-190 * x86emul: honor guest CR0.TS and CR0.EM
ubuntu/wily-updates	2016-07-05 13:39:14 UTC 2016-07-05	Import patches-unapplied version 4.5.1-0ubuntu1.4 to ubuntu/wily-security Author: Stefan Bader Author Date: 2016-06-30 08:05:26 UTC Import patches-unapplied version 4.5.1-0ubuntu1.4 to ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: 8655bdc341658d044fd5c55d12d6524030409f0f New changelog entries: * Applying Xen Security Advisories: - CVE-2016-3158, CVE-2016-3159 / XSA-172 * x86: fix information leak on AMD CPUs - CVE-2016-3960 / XSA-173 * x86: limit GFNs to 32 bits for shadowed superpages. - CVE-2016-4962 / XSA-175 * libxl: Record backend/frontend paths in /libxl/$DOMID * libxl: Provide libxl__backendpath_parse_domid * libxl: Do not trust frontend in libxl__devices_destroy * libxl: Do not trust frontend in libxl__device_nextid * libxl: Do not trust frontend for disk eject event * libxl: Do not trust frontend for disk in getinfo * libxl: Do not trust frontend for vtpm list * libxl: Do not trust frontend for vtpm in getinfo * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic * libxl: Do not trust frontend for nic in getinfo * libxl: Do not trust frontend for channel in list * libxl: Do not trust frontend for channel in getinfo * libxl: Cleanup: Have libxl__alloc_vdev use /libxl * libxl: Document ~/serial/ correctly - CVE-2016-4480 / XSA-176 * x86/mm: fully honor PS bits in guest page table walks - CVE-2016-4963 / XSA-178 * libxl: Make copy of every xs backend in /libxl in _generic_add * libxl: Do not trust backend in libxl__device_exists * libxl: Do not trust backend for vtpm in getinfo (except uuid) * libxl: Do not trust backend for vtpm in getinfo (uuid) * libxl: cdrom eject and insert: write to /libxl * libxl: Do not trust backend for disk eject vdev * libxl: Do not trust backend for disk; fix driver domain disks list * libxl: Do not trust backend for disk in getinfo * libxl: Do not trust backend for cdrom insert * libxl: Do not trust backend for channel in getinfo * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore * libxl: Rename READ_BACKEND to READ_LIBXLDEV * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path * libxl: Do not trust backend in nic getinfo * libxl: Do not trust backend for nic in devid_to_device * libxl: Do not trust backend for nic in list * libxl: Do not trust backend in channel list * libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename - CVE-2016-5242 / XSA-181 * xen/arm: Don't free p2m->first_level in p2m_teardown() before it has been allocated
applied/ubuntu/wily-devel	2016-07-05 13:39:14 UTC 2016-07-05	Import patches-applied version 4.5.1-0ubuntu1.4 to applied/ubuntu/wily-security Author: Stefan Bader Author Date: 2016-06-30 08:05:26 UTC Import patches-applied version 4.5.1-0ubuntu1.4 to applied/ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: d5cd91ce2536fb8858582d8d08af31c931dc928e Unapplied parent: 1e8c80cd84ce3329e3e36c116c8a9575a9f0f388 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-3158, CVE-2016-3159 / XSA-172 * x86: fix information leak on AMD CPUs - CVE-2016-3960 / XSA-173 * x86: limit GFNs to 32 bits for shadowed superpages. - CVE-2016-4962 / XSA-175 * libxl: Record backend/frontend paths in /libxl/$DOMID * libxl: Provide libxl__backendpath_parse_domid * libxl: Do not trust frontend in libxl__devices_destroy * libxl: Do not trust frontend in libxl__device_nextid * libxl: Do not trust frontend for disk eject event * libxl: Do not trust frontend for disk in getinfo * libxl: Do not trust frontend for vtpm list * libxl: Do not trust frontend for vtpm in getinfo * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic * libxl: Do not trust frontend for nic in getinfo * libxl: Do not trust frontend for channel in list * libxl: Do not trust frontend for channel in getinfo * libxl: Cleanup: Have libxl__alloc_vdev use /libxl * libxl: Document ~/serial/ correctly - CVE-2016-4480 / XSA-176 * x86/mm: fully honor PS bits in guest page table walks - CVE-2016-4963 / XSA-178 * libxl: Make copy of every xs backend in /libxl in _generic_add * libxl: Do not trust backend in libxl__device_exists * libxl: Do not trust backend for vtpm in getinfo (except uuid) * libxl: Do not trust backend for vtpm in getinfo (uuid) * libxl: cdrom eject and insert: write to /libxl * libxl: Do not trust backend for disk eject vdev * libxl: Do not trust backend for disk; fix driver domain disks list * libxl: Do not trust backend for disk in getinfo * libxl: Do not trust backend for cdrom insert * libxl: Do not trust backend for channel in getinfo * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore * libxl: Rename READ_BACKEND to READ_LIBXLDEV * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path * libxl: Do not trust backend in nic getinfo * libxl: Do not trust backend for nic in devid_to_device * libxl: Do not trust backend for nic in list * libxl: Do not trust backend in channel list * libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename - CVE-2016-5242 / XSA-181 * xen/arm: Don't free p2m->first_level in p2m_teardown() before it has been allocated
applied/ubuntu/wily-security	2016-07-05 13:39:14 UTC 2016-07-05	Import patches-applied version 4.5.1-0ubuntu1.4 to applied/ubuntu/wily-security Author: Stefan Bader Author Date: 2016-06-30 08:05:26 UTC Import patches-applied version 4.5.1-0ubuntu1.4 to applied/ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: d5cd91ce2536fb8858582d8d08af31c931dc928e Unapplied parent: 1e8c80cd84ce3329e3e36c116c8a9575a9f0f388 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-3158, CVE-2016-3159 / XSA-172 * x86: fix information leak on AMD CPUs - CVE-2016-3960 / XSA-173 * x86: limit GFNs to 32 bits for shadowed superpages. - CVE-2016-4962 / XSA-175 * libxl: Record backend/frontend paths in /libxl/$DOMID * libxl: Provide libxl__backendpath_parse_domid * libxl: Do not trust frontend in libxl__devices_destroy * libxl: Do not trust frontend in libxl__device_nextid * libxl: Do not trust frontend for disk eject event * libxl: Do not trust frontend for disk in getinfo * libxl: Do not trust frontend for vtpm list * libxl: Do not trust frontend for vtpm in getinfo * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic * libxl: Do not trust frontend for nic in getinfo * libxl: Do not trust frontend for channel in list * libxl: Do not trust frontend for channel in getinfo * libxl: Cleanup: Have libxl__alloc_vdev use /libxl * libxl: Document ~/serial/ correctly - CVE-2016-4480 / XSA-176 * x86/mm: fully honor PS bits in guest page table walks - CVE-2016-4963 / XSA-178 * libxl: Make copy of every xs backend in /libxl in _generic_add * libxl: Do not trust backend in libxl__device_exists * libxl: Do not trust backend for vtpm in getinfo (except uuid) * libxl: Do not trust backend for vtpm in getinfo (uuid) * libxl: cdrom eject and insert: write to /libxl * libxl: Do not trust backend for disk eject vdev * libxl: Do not trust backend for disk; fix driver domain disks list * libxl: Do not trust backend for disk in getinfo * libxl: Do not trust backend for cdrom insert * libxl: Do not trust backend for channel in getinfo * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore * libxl: Rename READ_BACKEND to READ_LIBXLDEV * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path * libxl: Do not trust backend in nic getinfo * libxl: Do not trust backend for nic in devid_to_device * libxl: Do not trust backend for nic in list * libxl: Do not trust backend in channel list * libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename - CVE-2016-5242 / XSA-181 * xen/arm: Don't free p2m->first_level in p2m_teardown() before it has been allocated
applied/ubuntu/wily-updates	2016-07-05 13:39:14 UTC 2016-07-05	Import patches-applied version 4.5.1-0ubuntu1.4 to applied/ubuntu/wily-security Author: Stefan Bader Author Date: 2016-06-30 08:05:26 UTC Import patches-applied version 4.5.1-0ubuntu1.4 to applied/ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: d5cd91ce2536fb8858582d8d08af31c931dc928e Unapplied parent: 1e8c80cd84ce3329e3e36c116c8a9575a9f0f388 New changelog entries: * Applying Xen Security Advisories: - CVE-2016-3158, CVE-2016-3159 / XSA-172 * x86: fix information leak on AMD CPUs - CVE-2016-3960 / XSA-173 * x86: limit GFNs to 32 bits for shadowed superpages. - CVE-2016-4962 / XSA-175 * libxl: Record backend/frontend paths in /libxl/$DOMID * libxl: Provide libxl__backendpath_parse_domid * libxl: Do not trust frontend in libxl__devices_destroy * libxl: Do not trust frontend in libxl__device_nextid * libxl: Do not trust frontend for disk eject event * libxl: Do not trust frontend for disk in getinfo * libxl: Do not trust frontend for vtpm list * libxl: Do not trust frontend for vtpm in getinfo * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic * libxl: Do not trust frontend for nic in getinfo * libxl: Do not trust frontend for channel in list * libxl: Do not trust frontend for channel in getinfo * libxl: Cleanup: Have libxl__alloc_vdev use /libxl * libxl: Document ~/serial/ correctly - CVE-2016-4480 / XSA-176 * x86/mm: fully honor PS bits in guest page table walks - CVE-2016-4963 / XSA-178 * libxl: Make copy of every xs backend in /libxl in _generic_add * libxl: Do not trust backend in libxl__device_exists * libxl: Do not trust backend for vtpm in getinfo (except uuid) * libxl: Do not trust backend for vtpm in getinfo (uuid) * libxl: cdrom eject and insert: write to /libxl * libxl: Do not trust backend for disk eject vdev * libxl: Do not trust backend for disk; fix driver domain disks list * libxl: Do not trust backend for disk in getinfo * libxl: Do not trust backend for cdrom insert * libxl: Do not trust backend for channel in getinfo * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore * libxl: Rename READ_BACKEND to READ_LIBXLDEV * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path * libxl: Do not trust backend in nic getinfo * libxl: Do not trust backend for nic in devid_to_device * libxl: Do not trust backend for nic in list * libxl: Do not trust backend in channel list * libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename - CVE-2016-5242 / XSA-181 * xen/arm: Don't free p2m->first_level in p2m_teardown() before it has been allocated
ubuntu/wily-security	2016-07-05 13:39:14 UTC 2016-07-05	Import patches-unapplied version 4.5.1-0ubuntu1.4 to ubuntu/wily-security Author: Stefan Bader Author Date: 2016-06-30 08:05:26 UTC Import patches-unapplied version 4.5.1-0ubuntu1.4 to ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: 8655bdc341658d044fd5c55d12d6524030409f0f New changelog entries: * Applying Xen Security Advisories: - CVE-2016-3158, CVE-2016-3159 / XSA-172 * x86: fix information leak on AMD CPUs - CVE-2016-3960 / XSA-173 * x86: limit GFNs to 32 bits for shadowed superpages. - CVE-2016-4962 / XSA-175 * libxl: Record backend/frontend paths in /libxl/$DOMID * libxl: Provide libxl__backendpath_parse_domid * libxl: Do not trust frontend in libxl__devices_destroy * libxl: Do not trust frontend in libxl__device_nextid * libxl: Do not trust frontend for disk eject event * libxl: Do not trust frontend for disk in getinfo * libxl: Do not trust frontend for vtpm list * libxl: Do not trust frontend for vtpm in getinfo * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic * libxl: Do not trust frontend for nic in getinfo * libxl: Do not trust frontend for channel in list * libxl: Do not trust frontend for channel in getinfo * libxl: Cleanup: Have libxl__alloc_vdev use /libxl * libxl: Document ~/serial/ correctly - CVE-2016-4480 / XSA-176 * x86/mm: fully honor PS bits in guest page table walks - CVE-2016-4963 / XSA-178 * libxl: Make copy of every xs backend in /libxl in _generic_add * libxl: Do not trust backend in libxl__device_exists * libxl: Do not trust backend for vtpm in getinfo (except uuid) * libxl: Do not trust backend for vtpm in getinfo (uuid) * libxl: cdrom eject and insert: write to /libxl * libxl: Do not trust backend for disk eject vdev * libxl: Do not trust backend for disk; fix driver domain disks list * libxl: Do not trust backend for disk in getinfo * libxl: Do not trust backend for cdrom insert * libxl: Do not trust backend for channel in getinfo * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore * libxl: Rename READ_BACKEND to READ_LIBXLDEV * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path * libxl: Do not trust backend in nic getinfo * libxl: Do not trust backend for nic in devid_to_device * libxl: Do not trust backend for nic in list * libxl: Do not trust backend in channel list * libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename - CVE-2016-5242 / XSA-181 * xen/arm: Don't free p2m->first_level in p2m_teardown() before it has been allocated
ubuntu/wily-devel	2016-07-05 13:39:14 UTC 2016-07-05	Import patches-unapplied version 4.5.1-0ubuntu1.4 to ubuntu/wily-security Author: Stefan Bader Author Date: 2016-06-30 08:05:26 UTC Import patches-unapplied version 4.5.1-0ubuntu1.4 to ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: 8655bdc341658d044fd5c55d12d6524030409f0f New changelog entries: * Applying Xen Security Advisories: - CVE-2016-3158, CVE-2016-3159 / XSA-172 * x86: fix information leak on AMD CPUs - CVE-2016-3960 / XSA-173 * x86: limit GFNs to 32 bits for shadowed superpages. - CVE-2016-4962 / XSA-175 * libxl: Record backend/frontend paths in /libxl/$DOMID * libxl: Provide libxl__backendpath_parse_domid * libxl: Do not trust frontend in libxl__devices_destroy * libxl: Do not trust frontend in libxl__device_nextid * libxl: Do not trust frontend for disk eject event * libxl: Do not trust frontend for disk in getinfo * libxl: Do not trust frontend for vtpm list * libxl: Do not trust frontend for vtpm in getinfo * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic * libxl: Do not trust frontend for nic in getinfo * libxl: Do not trust frontend for channel in list * libxl: Do not trust frontend for channel in getinfo * libxl: Cleanup: Have libxl__alloc_vdev use /libxl * libxl: Document ~/serial/ correctly - CVE-2016-4480 / XSA-176 * x86/mm: fully honor PS bits in guest page table walks - CVE-2016-4963 / XSA-178 * libxl: Make copy of every xs backend in /libxl in _generic_add * libxl: Do not trust backend in libxl__device_exists * libxl: Do not trust backend for vtpm in getinfo (except uuid) * libxl: Do not trust backend for vtpm in getinfo (uuid) * libxl: cdrom eject and insert: write to /libxl * libxl: Do not trust backend for disk eject vdev * libxl: Do not trust backend for disk; fix driver domain disks list * libxl: Do not trust backend for disk in getinfo * libxl: Do not trust backend for cdrom insert * libxl: Do not trust backend for channel in getinfo * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore * libxl: Rename READ_BACKEND to READ_LIBXLDEV * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path * libxl: Do not trust backend in nic getinfo * libxl: Do not trust backend for nic in devid_to_device * libxl: Do not trust backend for nic in list * libxl: Do not trust backend in channel list * libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename - CVE-2016-5242 / XSA-181 * xen/arm: Don't free p2m->first_level in p2m_teardown() before it has been allocated
applied/debian/wheezy	2016-04-02 23:45:40 UTC 2016-04-02	Import patches-applied version 4.1.4-3+deb7u9 to applied/debian/wheezy Author: Salvatore Bonaccorso Author Date: 2015-10-31 06:08:27 UTC Import patches-applied version 4.1.4-3+deb7u9 to applied/debian/wheezy Imported using git-ubuntu import. Changelog parent: 8d81662d47746c2f345e0e884ba2d7583b903254 Unapplied parent: 278e78680c19845014f286c55f54a574976267fb New changelog entries: * Non-maintainer upload by the Security Team. * Add CVE-2015-7835-xsa148.patch patch. CVE-2015-7835: x86: Uncontrolled creation of large page mappings by PV guests.
debian/wheezy	2016-04-02 23:45:40 UTC 2016-04-02	Import patches-unapplied version 4.1.4-3+deb7u9 to debian/wheezy Author: Salvatore Bonaccorso Author Date: 2015-10-31 06:08:27 UTC Import patches-unapplied version 4.1.4-3+deb7u9 to debian/wheezy Imported using git-ubuntu import. Changelog parent: 7d0630bce10650214cc17e87cb4cc691f7bdeb7e New changelog entries: * Non-maintainer upload by the Security Team. * Add CVE-2015-7835-xsa148.patch patch. CVE-2015-7835: x86: Uncontrolled creation of large page mappings by PV guests.
applied/ubuntu/xenial	2016-02-19 11:38:48 UTC 2016-02-19	Import patches-applied version 4.6.0-1ubuntu4 to applied/ubuntu/xenial-proposed Author: Stefan Bader Author Date: 2016-02-19 11:08:31 UTC Import patches-applied version 4.6.0-1ubuntu4 to applied/ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: 2f8baf6425d17dc7f6e1a399ff474d4b11de9265 Unapplied parent: 0559721acc4cb15ef7f6c9a18918654ba99935f9 New changelog entries: * d/rules.real: Set LANG=C.UTF-8 for the builds to avoid a grep bug.
ubuntu/xenial	2016-02-19 11:38:48 UTC 2016-02-19	Import patches-unapplied version 4.6.0-1ubuntu4 to ubuntu/xenial-proposed Author: Stefan Bader Author Date: 2016-02-19 11:08:31 UTC Import patches-unapplied version 4.6.0-1ubuntu4 to ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: 0aa143bef8b524653fe52394e567d89c9998b6d8 New changelog entries: * d/rules.real: Set LANG=C.UTF-8 for the builds to avoid a grep bug.
ubuntu/vivid-updates	2015-12-17 15:20:08 UTC 2015-12-17	Import patches-unapplied version 4.5.0-1ubuntu4.4 to ubuntu/vivid-security Author: Stefan Bader Author Date: 2015-12-16 15:09:20 UTC Import patches-unapplied version 4.5.0-1ubuntu4.4 to ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 48e30073afa67c3ca5880ec96a12171f57615ebf New changelog entries: * Applying Xen Security Advisories: - CVE-2015-8550 / XSA-155 * xen: Add RING_COPY_REQUEST() * blktap2: Use RING_COPY_REQUEST * libvchan: Read prod/cons only once. - CVE-2015-8338 / XSA-158 * memory: split and tighten maximum order permitted in memops - CVE-2015-8339, CVE-2015-8340 / XSA-159 * memory: fix XENMEM_exchange error handling - CVE-2015-8341 / XSA-160 * libxl: Fix bootloader-related virtual memory leak on pv build failure - CVE-2015-8555 / XSA-165 * x86: don't leak ST(n)/XMMn values to domains first using them - CVE-2015-???? / XSA-166 * x86/HVM: avoid reading ioreq state more than once
applied/ubuntu/vivid-devel	2015-12-17 15:20:08 UTC 2015-12-17	Import patches-applied version 4.5.0-1ubuntu4.4 to applied/ubuntu/vivid-security Author: Stefan Bader Author Date: 2015-12-16 15:09:20 UTC Import patches-applied version 4.5.0-1ubuntu4.4 to applied/ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 8b3c93a08bf650c5078ba8b886f8b5efd8ede53f Unapplied parent: 20fd5c7b52f4ea2247046665475c599362b9224b New changelog entries: * Applying Xen Security Advisories: - CVE-2015-8550 / XSA-155 * xen: Add RING_COPY_REQUEST() * blktap2: Use RING_COPY_REQUEST * libvchan: Read prod/cons only once. - CVE-2015-8338 / XSA-158 * memory: split and tighten maximum order permitted in memops - CVE-2015-8339, CVE-2015-8340 / XSA-159 * memory: fix XENMEM_exchange error handling - CVE-2015-8341 / XSA-160 * libxl: Fix bootloader-related virtual memory leak on pv build failure - CVE-2015-8555 / XSA-165 * x86: don't leak ST(n)/XMMn values to domains first using them - CVE-2015-???? / XSA-166 * x86/HVM: avoid reading ioreq state more than once
applied/ubuntu/vivid-security	2015-12-17 15:20:08 UTC 2015-12-17	Import patches-applied version 4.5.0-1ubuntu4.4 to applied/ubuntu/vivid-security Author: Stefan Bader Author Date: 2015-12-16 15:09:20 UTC Import patches-applied version 4.5.0-1ubuntu4.4 to applied/ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 8b3c93a08bf650c5078ba8b886f8b5efd8ede53f Unapplied parent: 20fd5c7b52f4ea2247046665475c599362b9224b New changelog entries: * Applying Xen Security Advisories: - CVE-2015-8550 / XSA-155 * xen: Add RING_COPY_REQUEST() * blktap2: Use RING_COPY_REQUEST * libvchan: Read prod/cons only once. - CVE-2015-8338 / XSA-158 * memory: split and tighten maximum order permitted in memops - CVE-2015-8339, CVE-2015-8340 / XSA-159 * memory: fix XENMEM_exchange error handling - CVE-2015-8341 / XSA-160 * libxl: Fix bootloader-related virtual memory leak on pv build failure - CVE-2015-8555 / XSA-165 * x86: don't leak ST(n)/XMMn values to domains first using them - CVE-2015-???? / XSA-166 * x86/HVM: avoid reading ioreq state more than once
applied/ubuntu/vivid-updates	2015-12-17 15:20:08 UTC 2015-12-17	Import patches-applied version 4.5.0-1ubuntu4.4 to applied/ubuntu/vivid-security Author: Stefan Bader Author Date: 2015-12-16 15:09:20 UTC Import patches-applied version 4.5.0-1ubuntu4.4 to applied/ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 8b3c93a08bf650c5078ba8b886f8b5efd8ede53f Unapplied parent: 20fd5c7b52f4ea2247046665475c599362b9224b New changelog entries: * Applying Xen Security Advisories: - CVE-2015-8550 / XSA-155 * xen: Add RING_COPY_REQUEST() * blktap2: Use RING_COPY_REQUEST * libvchan: Read prod/cons only once. - CVE-2015-8338 / XSA-158 * memory: split and tighten maximum order permitted in memops - CVE-2015-8339, CVE-2015-8340 / XSA-159 * memory: fix XENMEM_exchange error handling - CVE-2015-8341 / XSA-160 * libxl: Fix bootloader-related virtual memory leak on pv build failure - CVE-2015-8555 / XSA-165 * x86: don't leak ST(n)/XMMn values to domains first using them - CVE-2015-???? / XSA-166 * x86/HVM: avoid reading ioreq state more than once
ubuntu/vivid-devel	2015-12-17 15:20:08 UTC 2015-12-17	Import patches-unapplied version 4.5.0-1ubuntu4.4 to ubuntu/vivid-security Author: Stefan Bader Author Date: 2015-12-16 15:09:20 UTC Import patches-unapplied version 4.5.0-1ubuntu4.4 to ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 48e30073afa67c3ca5880ec96a12171f57615ebf New changelog entries: * Applying Xen Security Advisories: - CVE-2015-8550 / XSA-155 * xen: Add RING_COPY_REQUEST() * blktap2: Use RING_COPY_REQUEST * libvchan: Read prod/cons only once. - CVE-2015-8338 / XSA-158 * memory: split and tighten maximum order permitted in memops - CVE-2015-8339, CVE-2015-8340 / XSA-159 * memory: fix XENMEM_exchange error handling - CVE-2015-8341 / XSA-160 * libxl: Fix bootloader-related virtual memory leak on pv build failure - CVE-2015-8555 / XSA-165 * x86: don't leak ST(n)/XMMn values to domains first using them - CVE-2015-???? / XSA-166 * x86/HVM: avoid reading ioreq state more than once
ubuntu/vivid-security	2015-12-17 15:20:08 UTC 2015-12-17	Import patches-unapplied version 4.5.0-1ubuntu4.4 to ubuntu/vivid-security Author: Stefan Bader Author Date: 2015-12-16 15:09:20 UTC Import patches-unapplied version 4.5.0-1ubuntu4.4 to ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 48e30073afa67c3ca5880ec96a12171f57615ebf New changelog entries: * Applying Xen Security Advisories: - CVE-2015-8550 / XSA-155 * xen: Add RING_COPY_REQUEST() * blktap2: Use RING_COPY_REQUEST * libvchan: Read prod/cons only once. - CVE-2015-8338 / XSA-158 * memory: split and tighten maximum order permitted in memops - CVE-2015-8339, CVE-2015-8340 / XSA-159 * memory: fix XENMEM_exchange error handling - CVE-2015-8341 / XSA-160 * libxl: Fix bootloader-related virtual memory leak on pv build failure - CVE-2015-8555 / XSA-165 * x86: don't leak ST(n)/XMMn values to domains first using them - CVE-2015-???? / XSA-166 * x86/HVM: avoid reading ioreq state more than once
ubuntu/wily-proposed	2015-09-03 22:13:18 UTC 2015-09-03	Import patches-unapplied version 4.5.1-0ubuntu1 to ubuntu/wily-proposed Author: Stefan Bader Author Date: 2015-09-02 14:37:39 UTC Import patches-unapplied version 4.5.1-0ubuntu1 to ubuntu/wily-proposed Imported using git-ubuntu import. Changelog parent: 644f68d93f7b4de29c6cdb46d93c65aa4b73832c New changelog entries: * New upstream stable release (4.5.1) - Replacing the following security changes by upstream versions: * CVE-2014-3969 / XSA-98 (update), CVE-2015-0268 / XSA-117, CVE-2015-1563 / XSA-118, CVE-2015-2152 / XSA-119, CVE-2015-2044 / XSA-121, CVE-2015-2045 / XSA-122, CVE-2015-2151 / XSA-123, CVE-2015-2752 / XSA-125, CVE-2015-2751 / XSA-127 - Included security changes which where not yet applied: * CVE-2015-4163 / XSA-134, CVE-2015-4164 / XSA-136 * Applying additional Xen Security Advisories: - CVE-2015-3259 / XSA-137 * xl: Sane handling of extra config file arguments - CVE-2015-6654 / XSA-141 * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn
applied/ubuntu/wily	2015-09-03 22:13:18 UTC 2015-09-03	Import patches-applied version 4.5.1-0ubuntu1 to applied/ubuntu/wily-proposed Author: Stefan Bader Author Date: 2015-09-02 14:37:39 UTC Import patches-applied version 4.5.1-0ubuntu1 to applied/ubuntu/wily-proposed Imported using git-ubuntu import. Changelog parent: bedd6174840c18d86554a52b812b2699c0926f83 Unapplied parent: 67aa7e07d875f3106ccc78cbcd04326072ccae3a New changelog entries: * New upstream stable release (4.5.1) - Replacing the following security changes by upstream versions: * CVE-2014-3969 / XSA-98 (update), CVE-2015-0268 / XSA-117, CVE-2015-1563 / XSA-118, CVE-2015-2152 / XSA-119, CVE-2015-2044 / XSA-121, CVE-2015-2045 / XSA-122, CVE-2015-2151 / XSA-123, CVE-2015-2752 / XSA-125, CVE-2015-2751 / XSA-127 - Included security changes which where not yet applied: * CVE-2015-4163 / XSA-134, CVE-2015-4164 / XSA-136 * Applying additional Xen Security Advisories: - CVE-2015-3259 / XSA-137 * xl: Sane handling of extra config file arguments - CVE-2015-6654 / XSA-141 * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn
applied/ubuntu/wily-proposed	2015-09-03 22:13:18 UTC 2015-09-03	Import patches-applied version 4.5.1-0ubuntu1 to applied/ubuntu/wily-proposed Author: Stefan Bader Author Date: 2015-09-02 14:37:39 UTC Import patches-applied version 4.5.1-0ubuntu1 to applied/ubuntu/wily-proposed Imported using git-ubuntu import. Changelog parent: bedd6174840c18d86554a52b812b2699c0926f83 Unapplied parent: 67aa7e07d875f3106ccc78cbcd04326072ccae3a New changelog entries: * New upstream stable release (4.5.1) - Replacing the following security changes by upstream versions: * CVE-2014-3969 / XSA-98 (update), CVE-2015-0268 / XSA-117, CVE-2015-1563 / XSA-118, CVE-2015-2152 / XSA-119, CVE-2015-2044 / XSA-121, CVE-2015-2045 / XSA-122, CVE-2015-2151 / XSA-123, CVE-2015-2752 / XSA-125, CVE-2015-2751 / XSA-127 - Included security changes which where not yet applied: * CVE-2015-4163 / XSA-134, CVE-2015-4164 / XSA-136 * Applying additional Xen Security Advisories: - CVE-2015-3259 / XSA-137 * xl: Sane handling of extra config file arguments - CVE-2015-6654 / XSA-141 * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn
ubuntu/wily	2015-09-03 22:13:18 UTC 2015-09-03	Import patches-unapplied version 4.5.1-0ubuntu1 to ubuntu/wily-proposed Author: Stefan Bader Author Date: 2015-09-02 14:37:39 UTC Import patches-unapplied version 4.5.1-0ubuntu1 to ubuntu/wily-proposed Imported using git-ubuntu import. Changelog parent: 644f68d93f7b4de29c6cdb46d93c65aa4b73832c New changelog entries: * New upstream stable release (4.5.1) - Replacing the following security changes by upstream versions: * CVE-2014-3969 / XSA-98 (update), CVE-2015-0268 / XSA-117, CVE-2015-1563 / XSA-118, CVE-2015-2152 / XSA-119, CVE-2015-2044 / XSA-121, CVE-2015-2045 / XSA-122, CVE-2015-2151 / XSA-123, CVE-2015-2752 / XSA-125, CVE-2015-2751 / XSA-127 - Included security changes which where not yet applied: * CVE-2015-4163 / XSA-134, CVE-2015-4164 / XSA-136 * Applying additional Xen Security Advisories: - CVE-2015-3259 / XSA-137 * xl: Sane handling of extra config file arguments - CVE-2015-6654 / XSA-141 * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn
applied/ubuntu/utopic-devel	2015-05-20 13:48:11 UTC 2015-05-20	Import patches-applied version 4.4.1-0ubuntu0.14.10.6 to applied/ubuntu/utopi... Author: Stefan Bader Author Date: 2015-05-13 14:33:47 UTC Import patches-applied version 4.4.1-0ubuntu0.14.10.6 to applied/ubuntu/utopic-security Imported using git-ubuntu import. Changelog parent: 4243d1052065e7d80d179722a3cddc5ae34d9784 Unapplied parent: f23e59112f782f4ecb87824c65b94a9a3e2e6937 New changelog entries: * Applying Xen Security Advisories: - CVE-2015-3340 / XSA-132 * domctl/sysctl: don't leak hypervisor stack to toolstacks - CVE-2015-3456 / XSA-133 * qemut: fdc: force the fifo access to be in bounds of the allocated buffer
ubuntu/utopic-updates	2015-05-20 13:48:11 UTC 2015-05-20	Import patches-unapplied version 4.4.1-0ubuntu0.14.10.6 to ubuntu/utopic-secu... Author: Stefan Bader Author Date: 2015-05-13 14:33:47 UTC Import patches-unapplied version 4.4.1-0ubuntu0.14.10.6 to ubuntu/utopic-security Imported using git-ubuntu import. Changelog parent: e7847f49f3f14c60b61f027a42e341e05f1709c8 New changelog entries: * Applying Xen Security Advisories: - CVE-2015-3340 / XSA-132 * domctl/sysctl: don't leak hypervisor stack to toolstacks - CVE-2015-3456 / XSA-133 * qemut: fdc: force the fifo access to be in bounds of the allocated buffer
ubuntu/utopic-security	2015-05-20 13:48:11 UTC 2015-05-20	Import patches-unapplied version 4.4.1-0ubuntu0.14.10.6 to ubuntu/utopic-secu... Author: Stefan Bader Author Date: 2015-05-13 14:33:47 UTC Import patches-unapplied version 4.4.1-0ubuntu0.14.10.6 to ubuntu/utopic-security Imported using git-ubuntu import. Changelog parent: e7847f49f3f14c60b61f027a42e341e05f1709c8 New changelog entries: * Applying Xen Security Advisories: - CVE-2015-3340 / XSA-132 * domctl/sysctl: don't leak hypervisor stack to toolstacks - CVE-2015-3456 / XSA-133 * qemut: fdc: force the fifo access to be in bounds of the allocated buffer
applied/ubuntu/utopic-updates	2015-05-20 13:48:11 UTC 2015-05-20	Import patches-applied version 4.4.1-0ubuntu0.14.10.6 to applied/ubuntu/utopi... Author: Stefan Bader Author Date: 2015-05-13 14:33:47 UTC Import patches-applied version 4.4.1-0ubuntu0.14.10.6 to applied/ubuntu/utopic-security Imported using git-ubuntu import. Changelog parent: 4243d1052065e7d80d179722a3cddc5ae34d9784 Unapplied parent: f23e59112f782f4ecb87824c65b94a9a3e2e6937 New changelog entries: * Applying Xen Security Advisories: - CVE-2015-3340 / XSA-132 * domctl/sysctl: don't leak hypervisor stack to toolstacks - CVE-2015-3456 / XSA-133 * qemut: fdc: force the fifo access to be in bounds of the allocated buffer

Other repositories

Name	Last Modified
lp:ubuntu/+source/xen	2018-10-17

You can't create new repositories for xen in Ubuntu.