Comment 4 for bug 1086875

This bug was fixed in the package xen - 4.2.0-1ubuntu4

---------------
xen (4.2.0-1ubuntu4) raring; urgency=low

  * Applying Xen Security fixes (LP: #1086875)
    - gnttab: fix releasing of memory upon switches between versions
      CVE-2012-5510
    - hvm: Limit the size of large HVM op batches
      CVE-2012-5511
    - xen: add missing guest address range checks to XENMEM_exchange handlers
      CVE-2012-5513
    - xen: fix error handling of guest_physmap_mark_populate_on_demand()
      CVE-2012-5514
    - memop: limit guest specified extent order
      CVE-2012-5515
    - x86: get_page_from_gfn() must return NULL for invalid GFNs
      CVE-2012-5525

xen (4.2.0-1ubuntu3) raring; urgency=low

  * tools-ocaml-fix-build: refresh and reenable (and fix the description
    of) this patch. Without it the ocam native libraries (*.cmxa)
    build in /build local paths rather than appropriatly versioned
    library references.

xen (4.2.0-1ubuntu2) raring; urgency=low

  * Drop replaces and conflicts for xen3 packages (they are no longer
    in the upgrade path) from debian/control:
    - libxenstore3.0: Conflict and replaces libxen3.
    - libxen-dev: Conflict and replaces libxen3-dev.
    - xenstore-utils: Conflict and replaces libxen3
    - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
      and xen-utils-3.3
  * Use dpkg-buildflags and strip the gcc prefix for getting LDFLAGS.
    This will again use the Ubuntu specific LDFLAGS (using some
    hardening options). Older releases would always pass those options
    in the environment but that changed.
  * Ressurrect qemu-dm for now (upstream qemu would not support
    migration, yet). Forward-port some patches from the old Debian
    package which still included qemu-dm:
    - qemu-prefix (modify LDFLAGS to point to lib dir for qemu-dm)
    - qemu-disable-blktap (this is not present in upstream)
    - ubuntu-qemu-disable-qemu-upstream (breaks build and also should
      be provided by qemu/kvm package)
  * Build depend on kvm-ipxe (instead of ipxe) as it is smaller and fix
    up hvmloader build. kvm-ipxe contains a subset of the rom files from
    which the Xen build only uses two to be embedded in the hvmloader.
  * XSA-20: Prevent overflow in calculations, leading to DoS vulnerability
    - CVE-2012-4535
  * XSA-22: Prevent incorrect updates of m2p mappings
    - CVE-2012-4537
  * XSA-23: check toplevel pagetables are present before unhooking them
    - CVE-2012-4538
  * XSA-24: Prevent infinite loop in compat code
    - CVE-2012-4539
  * XSA-25: limit maximum size of kernel/ramdisk
    - CVE-2012-4544

xen (4.2.0-1ubuntu1) raring; urgency=low

  * Merge from Debian Experimental, Remaining changes:
    - debian/control:
      - Build depends on ipxe-qemu.
      - libxenstore3.0: Conflict and replaces libxen3.
      - libxen-dev: Conflict and replaces libxen3-dev.
      - xenstore-utils: Conflict and replaces libxen3
      - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3,
        and xen-utils-4.1.
      - Make sure the LDFLAGS value passed is suitable for use by ld
        rather than gcc.
    - disable debian/patches/config-etherboot.diff.
    - debian/patches/silence-gcc-warnings.patch: Silence gcc warnings.

xen (4.2.0-1) experimental; urgency=low

  * New upstream release.

xen (4.2.0~rc3-1) experimental; urgency=low

  * New upstream snapshot.

xen (4.2.0~rc2-1) experimental; urgency=low

  * New upstream snapshot.
  * Build-depend against libglib2.0-dev and libyajl-dev.
  * Disable seabios build for now.
  * Remove support for Lenny and earlier.
  * Support build-arch and build-indep make targets.
 -- Stefan Bader <email address hidden> Wed, 05 Dec 2012 18:13:25 +0100