Your message dated Wed, 11 Mar 2015 21:20:42 +0000 with message-id <e1yvo3w-0004sp...@franck.debian.org> and subject line Bug#780227: fixed in xen 4.4.1-8 has caused the Debian Bug report #780227, regarding XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 780227: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780227 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: xen-hypervisor-4.1-amd64 Version: 4.1.4-3+deb7u4 Severity: critical Hi, Not sure how come I'm the first one to file this kind of a bug report :) but here goes JFTR... http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance warning was given to several big Xen VM farms, which led to e.g. https://aws.amazon.com/premiumsupport/maintenance-2015-03/ http://status.linode.com/incidents/2dyvn29ds5mz I'm guessing the security team is on top of this...? https://security-tracker.debian.org/tracker/CVE-2015-2151 TIA. -- 2. That which causes joy or happiness.
--- End Message ---
--- Begin Message ---Source: xen Source-Version: 4.4.1-8 We believe that the bug you reported is fixed in the latest version of xen, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 780...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bastian Blank <wa...@debian.org> (supplier of updated xen package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 11 Mar 2015 20:59:23 +0100 Source: xen Binary: libxen-4.4 libxenstore3.0 libxen-dev xenstore-utils xen-utils-common xen-utils-4.4 xen-hypervisor-4.4-amd64 xen-system-amd64 xen-hypervisor-4.4-arm64 xen-system-arm64 xen-hypervisor-4.4-armhf xen-system-armhf Architecture: source amd64 all Version: 4.4.1-8 Distribution: unstable Urgency: high Maintainer: Debian Xen Team <pkg-xen-de...@lists.alioth.debian.org> Changed-By: Bastian Blank <wa...@debian.org> Description: libxen-4.4 - Public libs for Xen libxen-dev - Public headers and libs for Xen libxenstore3.0 - Xenstore communications library for Xen xen-hypervisor-4.4-amd64 - Xen Hypervisor on AMD64 xen-hypervisor-4.4-arm64 - Xen Hypervisor on ARM64 xen-hypervisor-4.4-armhf - Xen Hypervisor on ARMHF xen-system-amd64 - Xen System on AMD64 (meta-package) xen-system-arm64 - Xen System on ARM64 (meta-package) xen-system-armhf - Xen System on ARMHF (meta-package) xen-utils-4.4 - XEN administrative tools xen-utils-common - Xen administrative tools - common files xenstore-utils - Xenstore command line utilities for Xen Closes: 780227 Changes: xen (4.4.1-8) unstable; urgency=high . * Fix uninitialized return from wrong-sized reads from system devices. CVE-2015-2044 * Fix hypervisor memory leak in uninitialized structures. CVE-2015-2045 * Fix hypervisor memory corruption in x86 emulation. (closes: #780227) CVE-2015-2151 Checksums-Sha1: 6d3bb7793f5dad171660649b8179f0638d412878 2600 xen_4.4.1-8.dsc 5369dce76642a5335efdc59964b55d9690a389fc 69760 xen_4.4.1-8.debian.tar.xz b3c053737c0a50082decf7ea4389061dc71325bf 1671348 xen-hypervisor-4.4-amd64_4.4.1-8_amd64.deb fbe833d67872de63fdf98c19575f2acaec7d8ba3 121078 xen-utils-common_4.4.1-8_all.deb b66f1344ad69bb87b44bf63e5ca6d12d9735663c 19856 xen-system-amd64_4.4.1-8_amd64.deb f6b6b173587af139dd0a8928b7ff50795e7e3562 476922 libxen-dev_4.4.1-8_amd64.deb 99ad274c8aa2746815ab047dacaecb216f0b7199 30726 libxenstore3.0_4.4.1-8_amd64.deb 0fd4a00ae7c13a74b2079c5538b02b5612333e50 26400 xenstore-utils_4.4.1-8_amd64.deb 52525e70811eb4957173eaac3e69cb6a20cd44e5 295340 libxen-4.4_4.4.1-8_amd64.deb e6660682775b3c009b42bc2ea207524a83e7d1e9 393352 xen-utils-4.4_4.4.1-8_amd64.deb Checksums-Sha256: 80b70cd40f732b4751b4802adeb25281a1f0a65cb6eb471d6f6265f9f8df0006 2600 xen_4.4.1-8.dsc 9a42a3a5313617d2f3f0144b272a8572a79323f75942943aea6b17fd6d7256c0 69760 xen_4.4.1-8.debian.tar.xz b6bc41230366863a4645d04c49cae5bcbbefde15ca87323244bba033c6b9f347 1671348 xen-hypervisor-4.4-amd64_4.4.1-8_amd64.deb 61cfb5904c7d325e8bba0473220d1d4ea7ee4119a909f78cff31884d4e5fd6ed 121078 xen-utils-common_4.4.1-8_all.deb f7c616a54b86586ca47e5f4938e6b09a467dd33643d86dd0d0076cc84f194053 19856 xen-system-amd64_4.4.1-8_amd64.deb 8173eb86705055054d9c0425f1098b6b65fbf261b3d9d950b5dae874519796ce 476922 libxen-dev_4.4.1-8_amd64.deb 9b93e566c075675340e6780383d79cb699951edd59de29336ed5bb10da21a891 30726 libxenstore3.0_4.4.1-8_amd64.deb 49f1faf71365f1399bc24769dd846b9836df6202e0e21fe1d6527839f609a86a 26400 xenstore-utils_4.4.1-8_amd64.deb e59bc3ebf37f7db684381df4b130e846148eaa3b5d97820ee9d4ecdcbfe4b3e9 295340 libxen-4.4_4.4.1-8_amd64.deb 9d7d66a33f566d7755f943ab12cd62b036a80190df8c729d4b5f42ded37da8eb 393352 xen-utils-4.4_4.4.1-8_amd64.deb Files: 269dc782f4f5a068168b264fd345c833 2600 kernel optional xen_4.4.1-8.dsc 27d3101a76682dcf701c6529d5fa50d5 69760 kernel optional xen_4.4.1-8.debian.tar.xz aabf9eb67e22a9f0f243c917e2cfc429 1671348 kernel optional xen-hypervisor-4.4-amd64_4.4.1-8_amd64.deb 38865f8fb8d4a52f715a088c5e8df5a4 121078 kernel optional xen-utils-common_4.4.1-8_all.deb bfce6abc93087c89662833425f2e0040 19856 kernel optional xen-system-amd64_4.4.1-8_amd64.deb c01590ef1015503fd8cee41bba6076e4 476922 libdevel optional libxen-dev_4.4.1-8_amd64.deb 79a7ea0520e594cb1ca2a6dadbd67b7b 30726 libs optional libxenstore3.0_4.4.1-8_amd64.deb 3739dc73b21cbe4395e74034d2a6b060 26400 admin optional xenstore-utils_4.4.1-8_amd64.deb a06f083b11561dca6803acf26fea7cde 295340 libs optional libxen-4.4_4.4.1-8_amd64.deb 1072b2e560338ca720bf48cfce7b6199 393352 kernel optional xen-utils-4.4_4.4.1-8_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCgAGBQJVAKUxAAoJEG2TiIWKaf5Rm9QH/3LksiUCswrKzKlwY87eqE4+ sKt1P85ngqlBsLeYXRES7ROO3QdHdMhla8HxSzNaSvazyPhgn4GexRji+moZRy83 HV3Qie90PY2wDlHC5miPpnM/LCdDL1r8vlckw9sarR9+5eHQKap4tiA+WfcwK2m7 zYaMRsJgILHey29t+JRn9r05ZHNMTKRTFrxKDSf7A2GQAbzZ5akW6KQ/XXqSxdT9 sh67suKlE1N7H0VrvXyP/+SAAbKs0kaV0sZrKVPBejZHT7EiwCS8sZNCkYZnRGhs uFi20rhtAq5Uga5cgiwYNrK6UU1qVGehRBX8Pr0FkutmopxWD8i7cueID/GGQt8= =j2uZ -----END PGP SIGNATURE-----
--- End Message ---
