Change logs for xen source package in Jessie

  • xen (4.4.1-9+deb8u10) jessie-security; urgency=medium
    
      Security updates, including some very important fixes:
      * XSA-217 CVE-2017-10912
      * XSA-218 CVE-2017-10913 CVE-2017-10914
      * XSA-219 CVE-2017-10915
      * XSA-221 CVE-2017-10917
      * XSA-222 CVE-2017-10918
      * XSA-224 CVE-2017-10919
      * XSA-226 CVE-2017-12135
      * XSA-227 CVE-2017-12137
      * XSA-230 CVE-2017-12855
      * XSA-235 no CVE assigned yet
    
      Bugfixes:
      * evtchn: don't reuse ports that are still "busy" (for XSA-221 patch)
    
      FYI, XSAs which remain outstanding because no patch is available.
      * XSA-223: armhf/arm64 guest-induced host crash vulnerability
    
      FYI, inapplicable XSAs, for which no patch is included:
      * XSA-216: Bugs are in Linux and Qemu, not Xen
      * XSA-220: Xen 4.4 is not vulnerable
      * XSA-225: Xen 4.4 is not vulnerable
      * XSA-228: Xen 4.4 is not vulnerable
      * XSA-229: Bug is in Linux, not Xen
    
     -- Ian Jackson <email address hidden>  Tue, 05 Sep 2017 18:35:04 +0100
  • xen (4.4.1-9+deb8u9) jessie-security; urgency=medium
    
      Security updates:
      * XSA-200: Closes:#848081: CVE-2016-9932: x86 emulation operand size
      * XSA-202: CVE-2016-10024: x86 PV guests may be able to mask interrupts
      * XSA-204: CVE-2016-10013: x86: Mishandling of SYSCALL singlestep
      * XSA-212: Closes:#859560: CVE-2017-7228: x86: broken memory_exchange()
      * XSA-213: Closes:#861659: 64bit PV guest breakout
      * XSA-214: Closes:#861660: grant transfer PV privilege escalation
      * XSA-215: Closes:#861662: memory corruption via failsafe callback
    
     -- Ian Jackson <email address hidden>  Mon, 08 May 2017 15:04:37 +0100
  • xen (4.4.1-9+deb8u8) jessie-security; urgency=high
    
      * Non-maintainer upload by the Security Team.
      * CVE-2016-7777: CR0.TS and CR0.EM not always honored for x86 HVM guests
      * CVE-2016-9386: x86 null segments not always treated as unusable
        (Closes: #845663)
      * CVE-2016-9382: x86 task switch to VM86 mode mis-handled (Closes: #845664)
      * CVE-2016-9385: x86 segment base write emulation lacking canonical address
        checks (Closes: #845665)
      * CVE-2016-9383: x86 64-bit bit test instruction emulation broken
        (Closes: #845668)
      * CVE-2016-9379, CVE-2016-9380: delimiter injection vulnerabilities in
        pygrub (Closes: #845670)
    
     -- Salvatore Bonaccorso <email address hidden>  Sat, 03 Dec 2016 12:12:53 +0100
  • xen (4.4.1-9+deb8u7) jessie-security; urgency=high
    
      * Non-maintainer upload by the Security Team.
      * CVE-2016-7092: x86: Disallow L3 recursive pagetable for 32-bit PV guests
        (XSA-185)
      * CVE-2016-7094: x86 HVM: Overflow of sh_ctxt->seg_reg[] (XSA-187)
      * CVE-2016-7154: use after free in FIFO event channel code (XSA-188)
    
     -- Salvatore Bonaccorso <email address hidden>  Wed, 07 Sep 2016 22:01:43 +0200
  • xen (4.4.1-9+deb8u5) jessie-security; urgency=high
    
      * Non-maintainer upload by the Security Team.
      * CVE-2016-3158, CVE-2016-3159: broken AMD FPU FIP/FDP/FOP leak
        workaround
      * CVE-2016-3960: x86 shadow pagetables: address width overflow
    
     -- Salvatore Bonaccorso <email address hidden>  Tue, 19 Apr 2016 20:42:09 +0200
  • xen (4.4.1-9+deb8u4) jessie-security; urgency=medium
    
      * CVE-2015-8339
      * CVE-2015-8340
      * CVE-2015-8341
      * CVE-2015-8550
      * CVE-2015-8555
      * CVE-2016-1570
      * CVE-2016-1571
      * CVE-2016-2270
      * CVE-2016-2271
      * XSA166
    
     -- Moritz Mühlenhoff <email address hidden>  Tue, 15 Mar 2016 22:18:35 +0100
  • xen (4.4.1-9+deb8u3) jessie-security; urgency=high
    
      * Fix CVE-2015-3259 (XSA-137)
      * Fix CVE-2015-3340 (XSA-132)
      * Fix CVE-2015-6654 (XSA-141)
      * Fix CVE-2015-7311 (XSA-142)
      * Fix CVE-2015-7812 (XSA-145)
      * Fix CVE-2015-7813 (XSA-146)
      * Fix CVE-2015-7814 (XSA-147)
      * Fix CVE-2015-7969 (XSA-151 and XSA-149)
      * Fix CVE-2015-7970 (XSA-150)
      * Fix CVE-2015-7971 (XSA-152)
      * Fix CVE-2015-7972 (XSA-153)
      * Fix CVE-2015-8104 and CVE-2015-5307 (XSA-156)
    
     -- Guido Trotter <email address hidden>  Wed, 25 Nov 2015 13:03:13 +0000
  • xen (4.4.1-9+deb8u1) jessie-security; urgency=medium
    
      * Apply fix for CVE-2015-4163 (XSA 134)
        - gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
          ... avoiding NULL derefs when the version to use wasn't set yet
      * Apply fix for CVE-2015-4164 (XSA 136)
        - x86/traps: loop in the correct direction in compat_iret()
    
     -- Guido Trotter <email address hidden>  Wed, 10 Jun 2015 18:16:26 +0000
  • xen (4.4.1-9) unstable; urgency=high
    
    
      * Explicitly disable graphics for qemu. (closes: #780975)
        CVE-2015-2152
      * Update fix for insufficient permissions checks on arm.
        CVE-2014-3969
      * Break apart long latency MMIO operations. (closes: #781620)
        CVE-2015-2752
      * Disallow certain domain control operations. (closes: #781620)
        CVE-2015-2751
    
     -- Bastian Blank <email address hidden>  Mon, 06 Apr 2015 20:22:59 +0200
  • xen (4.4.1-8) unstable; urgency=high
    
    
      * Fix uninitialized return from wrong-sized reads from system devices.
        CVE-2015-2044
      * Fix hypervisor memory leak in uninitialized structures.
        CVE-2015-2045
      * Fix hypervisor memory corruption in x86 emulation. (closes: #780227)
        CVE-2015-2151
    
     -- Bastian Blank <email address hidden>  Wed, 11 Mar 2015 20:59:23 +0100
  • xen (4.4.1-7) unstable; urgency=medium
    
    
      [ Bastian Blank ]
      * Fix use after free on guest shutdown.
        CVE-2015-0361
      * Fix rate limits of guest triggered locking.
        CVE-2015-1563
    
      [ Ian Campbell ]
      * Use xen-init-dom0 from initscript when it is available.
    
     -- Bastian Blank <email address hidden>  Sun, 01 Mar 2015 00:56:58 +0100
  • xen (4.4.1-6) unstable; urgency=medium
    
    
      * Fix starvation of writers in locks.
        CVE-2014-9065
    
     -- Bastian Blank <email address hidden>  Thu, 11 Dec 2014 15:56:08 +0100
  • xen (4.4.1-5) unstable; urgency=medium
    
    
      * Fix excessive checks of hypercall arguments.
        CVE-2014-8866
      * Fix boundary checks of emulated MMIO access.
        CVE-2014-8867
      * Fix additional memory leaks in xl. (closes: #767295)
    
     -- Bastian Blank <email address hidden>  Sun, 30 Nov 2014 20:13:32 +0100
  • xen (4.4.1-3) unstable; urgency=medium
    
    
      [ Bastian Blank ]
      * Remove unused build-dependencies.
      * Extend list of affected systems for broken interrupt assignment.
        CVE-2013-3495
      * Fix race in hvm memory management.
        CVE-2014-7154
      * Fix missing privilege checks on instruction emulation.
        CVE-2014-7155, CVE-2014-7156
      * Fix uninitialized control structures in FIFO handling.
        CVE-2014-6268
      * Fix MSR range check in emulation.
        CVE-2014-7188
    
      [ Ian Campbell ]
      * Install xen.efi into /boot for amd64 builds.
    
     -- Bastian Blank <email address hidden>  Fri, 17 Oct 2014 16:27:46 +0200
  • xen (4.4.1-2) unstable; urgency=medium
    
    
      * Re-build with correct content.
      * Use dh_lintian.
    
     -- Bastian Blank <email address hidden>  Wed, 24 Sep 2014 20:23:14 +0200
  • xen (4.4.0-5) unstable; urgency=medium
    
    
      [ Ian Campbell ]
      * Expand on the descriptions of some packages. (Closes: #466683)
      * Clarify where xen-utils-common is required. (Closes: #612403)
      * No longer depend on gawk. Xen can now use any awk, one of which is always
        present. (Closes: #589176)
      * Put core dumps in /var/lib/xen/dump and ensure it exists.
        (Closes: #444000)
    
      [ Bastian Blank ]
      * Handle JSON output from xl in xendomains init script.
    
     -- Bastian Blank <email address hidden>  Sat, 06 Sep 2014 22:11:20 +0200
  • xen (4.4.0-4) unstable; urgency=medium
    
    
      [ Bastian Blank ]
      * Also remove unused OCaml packages from control file.
      * Make library packages multi-arch: same. (closes: #730417)
      * Use debhelper compat level 9. (closes: #692352)
    
      [ Ian Campbell ]
      * Correct contents of /etc/xen/scripts/hotplugpath.sh (Closes: #706283)
      * Drop references to cpuperf-xen and cpuperf-perfcntr. (Closes: #733847)
      * Install xentrace_format(1), xentrace(8) and xentop(1). (Closes: #407143)
    
     -- Bastian Blank <email address hidden>  Sat, 30 Aug 2014 13:34:04 +0200
  • xen (4.4.0-2) unstable; urgency=medium
    
    
      * Remove broken and unused OCaml-support.
    
     -- Bastian Blank <email address hidden>  Mon, 18 Aug 2014 15:18:42 +0200
  • xen (4.3.0-3) unstable; urgency=low
    
    
      * Revive hypervisor on i386.
    
     -- Bastian Blank <email address hidden>  Fri, 18 Oct 2013 00:15:16 +0200
  • xen (4.1.4-4) unstable; urgency=high
    
    
      * Make several long running operations preemptible.
        CVE-2013-1918
      * Fix source validation for VT-d interrupt remapping.
        CVE-2013-1952
    
     -- Bastian Blank <email address hidden>  Thu, 02 May 2013 14:30:29 +0200