Change log for xen package in Ubuntu

175 of 166 results
Published in disco-release on 2018-10-30
Published in cosmic-release on 2018-05-04
Deleted in cosmic-proposed (Reason: moved to release)
xen (4.9.2-0ubuntu2) cosmic; urgency=medium

  * No-change rebuild for ncurses soname changes.

 -- Matthias Klose <email address hidden>  Thu, 03 May 2018 14:20:24 +0000

Available diffs

Superseded in cosmic-release on 2018-05-04
Published in bionic-release on 2018-04-16
Deleted in bionic-proposed (Reason: moved to release)
xen (4.9.2-0ubuntu1) bionic; urgency=medium

  * Update to upstream 4.9.2 release (LP: #1763354).
    Changes include numerous bugfixes, including security fixes/updates.
    4.9.0 -> 4.9.1:
    - XSA-226 / CVE-2017-12135 (replacement)
    - XSA-227 / CVE-2017-12137 (replacement)
    - XSA-228 / CVE-2017-12136 (replacement)
    - XSA-230 / CVE-2017-12855 (replacement)
    - XSA-231 / CVE-2017-14316 (replacement)
    - XSA-232 / CVE-2017-14318 (replacement)
    - XSA-233 / CVE-2017-14317 (replacement)
    - XSA-234 / CVE-2017-14319 (replacement)
    - XSA-235 / CVE-2017-15596 (replacement)
    - XSA-236 / CVE-2017-15597 (new)
    - XSA-237 / CVE-2017-15590 (replacement)
    - XSA-238 / CVE-2017-15591 (replacement)
    - XSA-239 / CVE-2017-15589 (replacement)
    - XSA-240 / CVE-2017-15595 (update)
    - XSA-241 / CVE-2017-15588 (replacement)
    - XSA-242 / CVE-2017-15593 (replacement)
    - XSA-243 / CVE-2017-15592 (replacement)
    - XSA-244 / CVE-2017-15594 (replacement)
    - XSA-245 / CVE-2017-17046 (replacement)
    4.9.1 -> 4.9.2:
    - XSA-246 / CVE-2017-17044 (new)
    - XSA-247 / CVE-2017-17045 (new)
    - XSA-248 / CVE-2017-17566 (new)
    - XSA-249 / CVE-2017-17563 (new)
    - XSA-250 / CVE-2017-17564 (new)
    - XSA-251 / CVE-2017-17565 (new)
    - XSA-252 / CVE-2018-7540  (new)
    - XSA-254 / CVE-2017-5754  (new / XPTI Meltdown mitigation)
    - XSA-255 / CVE-2018-7541  (new)
    - XSA-256 / CVE-2018-7542  (new)
  * Dropped:
    d/p/ubuntu/tools-fix-ftbs-arm.patch (upstream)

 -- Stefan Bader <email address hidden>  Thu, 12 Apr 2018 11:54:57 +0200

Available diffs

Superseded in bionic-release on 2018-04-16
Deleted in bionic-proposed on 2018-04-17 (Reason: moved to release)
xen (4.9.0-0ubuntu4) bionic; urgency=medium

  * Compile and ship vhd-util.
  * Add dh-python to build-depends.

 -- Dimitri John Ledkov <email address hidden>  Fri, 06 Apr 2018 17:35:43 +0100

Available diffs

Published in trusty-updates on 2017-10-16
Published in trusty-security on 2017-10-16
xen (4.4.2-0ubuntu0.14.04.14) trusty-security; urgency=medium

  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/MSI: fix error handling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup

Published in xenial-updates on 2017-10-16
Published in xenial-security on 2017-10-16
xen (4.6.5-0ubuntu1.4) xenial-security; urgency=medium

  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers

Obsolete in zesty-updates on 2018-06-22
Obsolete in zesty-security on 2018-06-22
xen (4.8.0-1ubuntu2.4) zesty-security; urgency=medium

  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
        paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers

Superseded in bionic-release on 2018-04-07
Published in artful-release on 2017-10-14
Deleted in artful-proposed (Reason: moved to release)
xen (4.9.0-0ubuntu3) artful; urgency=medium

  * Applying Xen Security Advisories:
    - CVE-2017-12135 / XSA-226
      - Revert: grant_table: Default to v1, and disallow transitive grants
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers

 -- Stefan Bader <email address hidden>  Tue, 10 Oct 2017 11:24:52 +0200

Available diffs

Superseded in artful-release on 2017-10-14
Deleted in artful-proposed on 2017-10-15 (Reason: moved to release)
xen (4.9.0-0ubuntu2) artful; urgency=medium

  * Add libxendevicemodel references to d/libxen-dev.install

Superseded in artful-proposed on 2017-08-18
xen (4.9.0-0ubuntu1) artful; urgency=medium

  * Update to upstream 4.9.0 release.
    Changes include numerous bugfixes, including security fixes for:
    XSA-213 / CVE-2017-8903
    XSA-214 / CVE-2017-8904
    XSA-217 / CVE-2017-10912
    XSA-218 / CVE-2017-10913, CVE-2017-10914
    XSA-219 / CVE-2017-10915
    XSA-220 / CVE-2017-10916
    XSA-221 / CVE-2017-10917
    XSA-222 / CVE-2017-10918
    XSA-223 / CVE-2017-10919
    XSA-224 / CVE-2017-10920, CVE-2017-10921, CVE-2017-10922
    XSA-225 / CVE-2017-10923
  * Additional CVE's:
    - XSA-226 / CVE-2017-12135
    - XSA-227 / CVE-2017-12137
    - XSA-228 / CVE-2017-12136
    - XSA-230 / CVE-2017-12855
  * Additional fixes:
    - debian/rules.real:
      - Add a call to build common tool headers
      - Add a call to install common tool headers
    - Add checking of return values of asprintf calls.
      - d/p/ubuntu/tools-xs-test-hardening.patch
    - Add additional modifications for new libxendevicemodel
      - d/p/ubuntu/tools-libs-abiname.diff
    - Fix a segmentation fault when mmio_hole is set in hvm.cfg (from 4.9.y)
      - d/p/upstream-4.9.1-tools-libxl-Fix-a-segment-fault-when-mmio_hole...
    - Enable Local MCE feature
      - d/p/.../0001-x86-mce-make-mce-barriers-private-to-their-users.patch
      - d/p/.../0002-x86-mce-make-found_error-and-mce_fatal_cpus-private-.patch
      - d/p/.../0003-x86-mce-fix-comment-of-struct-mc_telem_cpu_ctl.patch
      - d/p/.../0004-x86-mce-allow-mce_barrier_-enter-exit-to-return-with.patch
      - d/p/.../0005-x86-mce-handle-host-LMCE.patch
      - d/p/.../0006-x86-mce_intel-detect-and-enable-LMCE-on-Intel-host.patch
      - d/p/.../0007-x86-domctl-generalize-the-restore-of-vMCE-parameters.patch
      - d/p/.../0008-x86-vmce-emulate-MSR_IA32_MCG_EXT_CTL.patch
      - d/p/.../0009-x86-vmce-enable-injecting-LMCE-to-guest-on-Intel-hos.patch
      - d/p/.../0010-x86-vmx-expose-LMCE-feature-via-guest-MSR_IA32_FEATU.patch
      - d/p/.../0011-x86-vmce-tools-libxl-expose-LMCE-capability-in-guest.patch
      - d/p/.../0012-x86-mce-add-support-of-vLMCE-injection-to-XEN_MC_inj.patch
    - Re-introduce (fake) xs_restrict call to keep libxenstore version at
      3.0 for now.
      - d/p/ubuntu/tools-fake-xs-restrict.patch
    - debian/libxenstore3.0.symbols:
      - Added xs_control_command
    - xen-4.9.0/debian/xen-hypervisor-4.9.xen.cfg:
      - Modified GRUB_DEFAULT setting to be dynamic (like update-grub does)
        which should handle non English environments (LP: #1321144)

 -- Stefan Bader <email address hidden>  Thu, 17 Aug 2017 11:37:11 +0200

Available diffs

Superseded in xenial-updates on 2017-10-16
Superseded in xenial-security on 2017-10-16
xen (4.6.5-0ubuntu1.2) xenial-security; urgency=low

  * Applying Xen Security Advisories:
    - XSA-217
      - x86/mm: disallow page stealing from HVM domains
    - XSA-218
      - IOMMU: handle IOMMU mapping and unmapping failures
      - gnttab: fix unmap pin accounting race
      - gnttab: Avoid potential double-put of maptrack entry
      - gnttab: correct maptrack table accesses
    - XSA-219
      - 86/shadow: Hold references for the duration of emulated writes
    - XSA-220
      - x86: avoid leaking PKRU and BND* between vCPU-s
    - XSA-221
      - evtchn: avoid NULL derefs
    - XSA-222
      - xen/memory: Fix return value handing of guest_remove_page()
      - guest_physmap_remove_page() needs its return value checked
    - XSA-223
      - arm: vgic: Don't update the LR when the IRQ is not enabled
    - XSA-224
      - gnttab: Fix handling of dev_bus_addr during unmap
      - gnttab: never create host mapping unless asked to
      - gnttab: correct logic to get page references during map requests
      - gnttab: __gnttab_unmap_common_complete() is all-or-nothing
    - XSA-225
      - xen/arm: vgic: Sanitize target mask used to send SGI

 -- Stefan Bader <email address hidden>  Tue, 04 Jul 2017 11:28:24 +0200
Superseded in trusty-updates on 2017-10-16
Superseded in trusty-security on 2017-10-16
xen (4.4.2-0ubuntu0.14.04.12) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - XSA-217
      - x86/mm: disallow page stealing from HVM domains
    - XSA-218
      - IOMMU: handle IOMMU mapping and unmapping failures
      - gnttab: fix unmap pin accounting race
      - gnttab: Avoid potential double-put of maptrack entry
      - gnttab: correct maptrack table accesses
    - XSA-219
      - 86/shadow: Hold references for the duration of emulated writes
    - XSA-221
      - evtchn: avoid NULL derefs
    - XSA-222
      - xen/memory: Fix return value handing of guest_remove_page()
      - guest_physmap_remove_page() needs its return value checked
    - XSA-224
      - gnttab: Fix handling of dev_bus_addr during unmap
      - gnttab: never create host mapping unless asked to
      - gnttab: correct logic to get page references during map requests
      - gnttab: __gnttab_unmap_common_complete() is all-or-nothing

 -- Stefan Bader <email address hidden>  Tue, 04 Jul 2017 12:20:19 +0200
Obsolete in yakkety-updates on 2018-01-23
Obsolete in yakkety-security on 2018-01-23
xen (4.7.2-0ubuntu1.3) yakkety-security; urgency=low

  * Applying Xen Security Advisories:
    - XSA-217
      - x86/mm: disallow page stealing from HVM domains
    - XSA-218
      - IOMMU: handle IOMMU mapping and unmapping failures
      - gnttab: fix unmap pin accounting race
      - gnttab: Avoid potential double-put of maptrack entry
      - gnttab: correct maptrack table accesses
    - XSA-219
      - 86/shadow: Hold references for the duration of emulated writes
    - XSA-220
      - x86: avoid leaking PKRU and BND* between vCPU-s
    - XSA-221
      - evtchn: avoid NULL derefs
    - XSA-222
      - xen/memory: Fix return value handing of guest_remove_page()
      - guest_physmap_remove_page() needs its return value checked
    - XSA-223
      - arm: vgic: Don't update the LR when the IRQ is not enabled
    - XSA-224
      - gnttab: Fix handling of dev_bus_addr during unmap
      - gnttab: never create host mapping unless asked to
      - gnttab: correct logic to get page references during map requests
      - gnttab: __gnttab_unmap_common_complete() is all-or-nothing
    - XSA-225
      - xen/arm: vgic: Sanitize target mask used to send SGI

 -- Stefan Bader <email address hidden>  Mon, 03 Jul 2017 16:12:19 +0200
Superseded in zesty-updates on 2017-10-16
Superseded in zesty-security on 2017-10-16
xen (4.8.0-1ubuntu2.2) zesty-security; urgency=low

  * Applying Xen Security Advisories:
    - XSA-217
      - x86/mm: disallow page stealing from HVM domains
    - XSA-218
      - gnttab: fix unmap pin accounting race
      - gnttab: Avoid potential double-put of maptrack entry
      - gnttab: correct maptrack table accesses
    - XSA-219
      - 86/shadow: Hold references for the duration of emulated writes
    - XSA-220
      - x86: avoid leaking PKRU and BND* between vCPU-s
    - XSA-221
      - evtchn: avoid NULL derefs
    - XSA-222
      - xen/memory: Fix return value handing of guest_remove_page()
      - guest_physmap_remove_page() needs its return value checked
    - XSA-223
      - arm: vgic: Don't update the LR when the IRQ is not enabled
    - XSA-224
      - gnttab: Fix handling of dev_bus_addr during unmap
      - gnttab: never create host mapping unless asked to
      - gnttab: correct logic to get page references during map requests
      - gnttab: __gnttab_unmap_common_complete() is all-or-nothing
    - XSA-225
      - xen/arm: vgic: Sanitize target mask used to send SGI

 -- Stefan Bader <email address hidden>  Mon, 03 Jul 2017 12:04:40 +0200
Superseded in yakkety-updates on 2017-07-18
Superseded in yakkety-security on 2017-07-18
xen (4.7.2-0ubuntu1.2) yakkety-security; urgency=low

  * Applying Xen Security Advisories:
    - XSA-206
      * xenstored: apply a write transaction rate limit
      * xenstored: Log when the write transaction rate limit bites
      * oxenstored: comments explaining some variables
      * oxenstored: handling of domain conflict-credit
      * oxenstored: ignore domains with no conflict-credit
      * oxenstored: add transaction info relevant to history-tracking
      * oxenstored: support commit history tracking
      * oxenstored: only record operations with side-effects in history
      * oxenstored: discard old commit-history on txn end
      * oxenstored: track commit history
      * oxenstored: blame the connection that caused a transaction conflict
      * oxenstored: allow self-conflicts
      * oxenstored: do not commit read-only transactions
      * oxenstored: don't wake to issue no conflict-credit
      * oxenstored transaction conflicts: improve logging
      * oxenstored: trim history in the frequent_ops function
    - CVE-2017-7228 / XSA-212
      * memory: properly check guest memory ranges in XENMEM_exchange handling
    - XSA-213
      * multicall: deal with early exit conditions
    - XSA-214
      * x86: discard type information when stealing pages

 -- Stefan Bader <email address hidden>  Tue, 09 May 2017 15:31:32 +0200
Superseded in trusty-updates on 2017-07-18
Superseded in trusty-security on 2017-07-18
xen (4.4.2-0ubuntu0.14.04.11) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - XSA-206
      * xenstored: apply a write transaction rate limit
      * xenstored: Log when the write transaction rate limit bites
      * oxenstored: exempt dom0 from domU node quotas
      * oxenstored: perform a 3-way merge of the quota after a transaction
      * oxenstored: catch the error when a connection is already deleted
      * oxenstored: use hash table to store socket connections
      * oxenstored: enable domain connection indexing based on eventchn port
      * oxenstored: only process domain connections that notify us by events
      * oxenstored: add a safe net mechanism for existing ill-behaved clients
      * oxenstored: refactor putting response on wire
      * oxenstored: remove some unused parameters
      * oxenstored: refactor request processing
      * oxenstored: keep track of each transaction's operations
      * oxenstored: move functions that process simple operations
      * oxenstored: replay transaction upon conflict
      * oxenstored: log request and response during transaction replay
      * oxenstored: allow compilation prior to OCaml 3.12.0
      * oxenstored: comments explaining some variables
      * oxenstored: handling of domain conflict-credit
      * oxenstored: ignore domains with no conflict-credit
      * oxenstored: add transaction info relevant to history-tracking
      * oxenstored: support commit history tracking
      * oxenstored: only record operations with side-effects in history
      * oxenstored: discard old commit-history on txn end
      * oxenstored: track commit history
      * oxenstored: blame the connection that caused a transaction conflict
      * oxenstored: allow self-conflicts
      * oxenstored: do not commit read-only transactions
      * oxenstored: don't wake to issue no conflict-credit
      * oxenstored transaction conflicts: improve logging
      * oxenstored: trim history in the frequent_ops function
    - XSA-207
      * IOMMU: always call teardown callback
    - CVE-2017-2615 / XSA-208
      * CVE-2014-8106: cirrus: fix blit region check
      * cirrus: fix oob access issue (CVE-2017-2615)
    - CVE-2017-2620 / XSA-209
      * cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo
    - CVE-2016-9603 / XSA-211
      * cirrus/vnc: zap drop bitblit support from console code.
    - CVE-2017-7228 / XSA-212
      * memory: properly check guest memory ranges in XENMEM_exchange handling
    - XSA-213
      * multicall: deal with early exit conditions
    - XSA-214
      * x86: discard type information when stealing pages
    - XSA-215
      * x86: correct create_bounce_frame

 -- Stefan Bader <email address hidden>  Tue, 09 May 2017 10:13:50 +0200
Superseded in xenial-updates on 2017-07-18
Superseded in xenial-security on 2017-07-18
xen (4.6.5-0ubuntu1.1) xenial-security; urgency=low

  * Applying Xen Security Advisories:
    - XSA-206
      * xenstored: apply a write transaction rate limit
      * xenstored: Log when the write transaction rate limit bites
      * oxenstored: refactor putting response on wire
      * oxenstored: remove some unused parameters
      * oxenstored: refactor request processing
      * oxenstored: keep track of each transaction's operations
      * oxenstored: move functions that process simple operations
      * oxenstored: replay transaction upon conflict
      * oxenstored: log request and response during transaction replay
      * oxenstored: allow compilation prior to OCaml 3.12.0
      * oxenstored: comments explaining some variables
      * oxenstored: handling of domain conflict-credit
      * oxenstored: ignore domains with no conflict-credit
      * oxenstored: add transaction info relevant to history-tracking
      * oxenstored: support commit history tracking
      * oxenstored: only record operations with side-effects in history
      * oxenstored: discard old commit-history on txn end
      * oxenstored: track commit history
      * oxenstored: blame the connection that caused a transaction conflict
      * oxenstored: allow self-conflicts
      * oxenstored: do not commit read-only transactions
      * oxenstored: don't wake to issue no conflict-credit
      * oxenstored transaction conflicts: improve logging
      * oxenstored: trim history in the frequent_ops function
    - CVE-2017-7228 / XSA-212
      * memory: properly check guest memory ranges in XENMEM_exchange handling
    - XSA-213
      * multicall: deal with early exit conditions
    - XSA-214
      * x86: discard type information when stealing pages
    - XSA-215
      * x86: correct create_bounce_frame

 -- Stefan Bader <email address hidden>  Tue, 09 May 2017 15:09:37 +0200
Superseded in zesty-updates on 2017-07-18
Superseded in zesty-security on 2017-07-18
xen (4.8.0-1ubuntu2.1) zesty-security; urgency=low

  * Applying Xen Security Advisories:
    - XSA-206
      * xenstored: apply a write transaction rate limit
      * xenstored: Log when the write transaction rate limit bites
      * oxenstored: comments explaining some variables
      * oxenstored: handling of domain conflict-credit
      * oxenstored: ignore domains with no conflict-credit
      * oxenstored: add transaction info relevant to history tracking
      * oxenstored: support commit history tracking
      * oxenstored: only record operations with side-effects in history
      * oxenstored: discard old commit-history on txn end
      * oxenstored: track commit history
      * oxenstored: blame the connection that caused a transaction conflict
      * oxenstored: allow self-conflicts
      * oxenstored: do not commit read-only transactions
      * oxenstored: don't wake to issue no conflict-credit
      * oxenstored transaction conflicts: improve logging
      * oxenstored: trim history in the frequent_ops function
    - XSA-207
      * IOMMU: always call teardown callback
    - XSA-210
      * arm/p2m: remove the page from p2m->pages list before freeing it
    - CVE-2017-7228 / XSA-212
      * memory: properly check guest memory ranges in XENMEM_exchange handling
    - XSA-213
      * multicall: deal with early exit conditions
    - XSA-214
      * x86: discard type information when stealing pages

 -- Stefan Bader <email address hidden>  Tue, 09 May 2017 09:48:32 +0200
Superseded in trusty-updates on 2017-05-15
Deleted in trusty-proposed on 2017-05-16 (Reason: moved to -updates)
xen (4.4.2-0ubuntu0.14.04.10) trusty; urgency=medium

  * Backport upstream change to fix TSC_ADJUST MSR handling in HVM
    guests running on Intel based hosts (LP: #1671760)

 -- Stefan Bader <email address hidden>  Tue, 14 Mar 2017 11:17:48 +0100
Superseded in xenial-updates on 2017-05-15
Deleted in xenial-proposed on 2017-05-16 (Reason: moved to -updates)
xen (4.6.5-0ubuntu1) xenial; urgency=medium

  * Rebasing to upstream stable release 4.6.5 (LP: #1671864)
    https://www.xenproject.org/downloads/xen-archives/xen-46-series.html
    - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
      hosts which support the TSC_ADJUST MSR (LP: #1671760)
    - Additional security relevant changes:
      * CVE-2013-2076 / XSA-052 (update)
        - Information leak on XSAVE/XRSTOR capable AMD CPUs
      * CVE-2016-7093 / XSA-186 (4.6.3 became vulnerable)
        - x86: Mishandling of instruction pointer truncation during emulation
      * XSA-207
        - memory leak when destroying guest without PT devices
    - Replacing the following security fixes with the versions from the
      stable update:
      * CVE-2015-7812 / XSA-145
        - arm: Host crash when preempting a multicall
      * CVE-2015-7813 / XSA-146
        - arm: various unimplemented hypercalls log without rate limiting
      * CVE-2015-7814 / XSA-147
        - arm: Race between domain destruction and memory allocation decrease
      * CVE-2015-7835 / XSA-148
        - x86: Uncontrolled creation of large page mappings by PV guests
      * CVE-2015-7969 / XSA-149, XSA-151
        - leak of main per-domain vcpu pointer array
        - x86: leak of per-domain profiling-related vcpu pointer array
      * CVE-2015-7970 / XSA-150
        - x86: Long latency populate-on-demand operation is not preemptible
      * CVE-2015-7971 / XSA-152
        - x86: some pmu and profiling hypercalls log without rate limiting
      * CVE-2015-7972 / XSA-153
        - x86: populate-on-demand balloon size inaccuracy can crash guests
      * CVE-2016-2270 / XSA-154
        - x86: inconsistent cachability flags on guest mappings
      * CVE-2015-8550 / XSA-155
        - paravirtualized drivers incautious about shared memory contents
      * CVE-2015-5307, CVE-2015-8104 / XSA-156
        - x86: CPU lockup during exception delivery
      * CVE-2015-8338 / XSA-158
        - long running memory operations on ARM
      * CVE-2015-8339, CVE-2015-8340 / XSA-159
        XENMEM_exchange error handling issues
      * CVE-2015-8341 / XSA-160
        - libxl leak of pv kernel and initrd on error
      * CVE-2015-8555 / XSA-165
        - information leak in legacy x86 FPU/XMM initialization
      * XSA-166
        - ioreq handling possibly susceptible to multiple read issue
      * CVE-2016-1570 / XSA-167
        - PV superpage functionality missing sanity checks
      * CVE-2016-1571 / XSA-168
        - VMX: intercept issue with INVLPG on non-canonical address
      * CVE-2015-8615 / XSA-169
        - x86: unintentional logging upon guest changing callback method
      * CVE-2016-2271 / XSA-170
        - VMX: guest user mode may crash guest with non-canonical RIP
      * CVE-2016-3158, CVE-2016-3159 / XSA-172
        - broken AMD FPU FIP/FDP/FOP leak workaround
      * CVE-2016-3960 / XSA-173
        - x86 shadow pagetables: address width overflow
      * CVE-2016-4962 / XSA-175
        - Unsanitised guest input in libxl device handling code
      * CVE-2016-4480 / XSA-176
        - x86 software guest page walk PS bit handling flaw
      * CVE-2016-4963 / XSA-178
        - Unsanitised driver domain input in libxl device handling
      * CVE-2016-5242 / XSA-181
        - arm: Host crash caused by VMID exhaustion
      * CVE-2016-6258 / XSA-182
        - x86: Privilege escalation in PV guests
      * CVE-2016-6259 / XSA-183
        - x86: Missing SMAP whitelisting in 32-bit exception / event delivery
      * CVE-2016-7092 / XSA-185
        - x86: Disallow L3 recursive pagetable for 32-bit PV guests
      * CVE-2016-7094 / XSA-187
        - x86 HVM: Overflow of sh_ctxt->seg_reg[]
      * CVE-2016-7777 / XSA-190
        - CR0.TS and CR0.EM not always honored for x86 HVM guests
      * CVE-2016-9386 / XSA-191
        - x86 null segments not always treated as unusable
      * CVE-2016-9382 / XSA-192
        - x86 task switch to VM86 mode mis-handled
      * CVE-2016-9385 / XSA-193
        - x86 segment base write emulation lacking canonical address checks
      * CVE-2016-9383 / XSA-195
        - x86 64-bit bit test instruction emulation broken
      * CVE-2016-9377, CVE-2016-9378 / XSA-196
        - x86 software interrupt injection mis-handled
      * CVE-2016-9379, CVE-2016-9380 / XSA-198
        - delimiter injection vulnerabilities in pygrub
      * CVE-2016-9932 / XSA-200
        - x86 CMPXCHG8B emulation fails to ignore operand size override
      * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
        - ARM guests may induce host asynchronous abort
      * CVE-2016-10024 / XSA-202
        - x86 PV guests may be able to mask interrupts
      * CVE-2016-10025 / XSA-203
        - x86: missing NULL pointer check in VMFUNC emulation
      * CVE-2016-10013 / XSA-204
        - x86: Mishandling of SYSCALL singlestep during emulation

 -- Stefan Bader <email address hidden>  Tue, 14 Mar 2017 16:08:39 +0100
Superseded in yakkety-updates on 2017-05-15
Deleted in yakkety-proposed on 2017-05-16 (Reason: moved to -updates)
xen (4.7.2-0ubuntu1) yakkety; urgency=medium

  * Rebasing to upstream stable release 4.7.2 (LP: #1672767)
    https://www.xenproject.org/downloads/xen-archives/xen-47-series.html
    - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
      hosts which support the TSC_ADJUST MSR (LP: #1671760)
    - Dropping: d/p/preup-tools-fix-linear-p2m-save.patch which is part
      of the stable update.
    - Additional security relevant changes:
      * XSA-207
        - memory leak when destroying guest without PT devices
    - Replacing the following security fixes with the versions from the
      stable update:
      * CVE-2016-6258 / XSA-182
        - x86: Privilege escalation in PV guests
      * CVE-2016-6259 / XSA-183
        - x86: Missing SMAP whitelisting in 32-bit exception / event delivery
      * CVE-2016-7092 / XSA-185
        - x86: Disallow L3 recursive pagetable for 32-bit PV guests
      * CVE-2016-7093 / XSA-186
        - x86: Mishandling of instruction pointer truncation during emulation
      * CVE-2016-7094 / XSA-187
        - x86 HVM: Overflow of sh_ctxt->seg_reg[]
      * CVE-2016-7777 / XSA-190
        - CR0.TS and CR0.EM not always honored for x86 HVM guests
      * CVE-2016-9386 / XSA-191
        - x86 null segments not always treated as unusable
      * CVE-2016-9382 / XSA-192
        - x86 task switch to VM86 mode mis-handled
      * CVE-2016-9385 / XSA-193
        - x86 segment base write emulation lacking canonical address checks
      * CVE-2016-9384 / XSA-194
        - guest 32-bit ELF symbol table load leaking host data
      * CVE-2016-9383 / XSA-195
        - x86 64-bit bit test instruction emulation broken
      * CVE-2016-9377, CVE-2016-9378 / XSA-196
        - x86 software interrupt injection mis-handled
      * CVE-2016-9379, CVE-2016-9380 / XSA-198
        - delimiter injection vulnerabilities in pygrub
      * CVE-2016-9932 / XSA-200
        - x86 CMPXCHG8B emulation fails to ignore operand size override
      * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
        - ARM guests may induce host asynchronous abort
      * CVE-2016-10024 / XSA-202
        - x86 PV guests may be able to mask interrupts
      * CVE-2016-10025 / XSA-203
        - x86: missing NULL pointer check in VMFUNC emulation
      * CVE-2016-10013 / XSA-204
        - x86: Mishandling of SYSCALL singlestep during emulation
  * Copy contents of debian/build/install-utils_$(ARCH)/usr/sbin into
    debian/build/install-utils_$ARCH/usr/lib/xen-$(VERSION) (LP: #1396670).

 -- Stefan Bader <email address hidden>  Tue, 14 Mar 2017 15:45:59 +0100
Superseded in artful-release on 2017-08-21
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
xen (4.8.0-1ubuntu2) zesty; urgency=medium

  * Cherry-pick upstream change to fix TSC_ADJUST MSR handling in HVM
    guests running on Intel based hosts (LP: #1671760)

 -- Stefan Bader <email address hidden>  Tue, 14 Mar 2017 09:27:04 +0100

Available diffs

Superseded in zesty-release on 2017-03-15
Deleted in zesty-proposed on 2017-03-16 (Reason: moved to release)
xen (4.8.0-1ubuntu1) zesty; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Add transitional package definitions to debian/control and
      debian/rules.gen (force hypervisor upgrade).
    - Split xen.init into xenstored.init and xen.init
      * xen.init depends in xenstored.init and optionally schedules itself
        before libvirtd.
      * xenstored.init additionally modprobes xen-acpi-processor
    - Remove update-alternatives call from xen utils (postinst/prerm) scripts.
    - Copy contents of debian/build/install-utils_$(ARCH)/usr/sbin into
      debian/build/install-utils_$ARCH/usr/lib/xen-$(VERSION) (LP: #1396670).

 -- Stefan Bader <email address hidden>  Thu, 26 Jan 2017 12:40:13 +0100

Available diffs

Superseded in trusty-updates on 2017-03-23
Superseded in trusty-security on 2017-05-15
xen (4.4.2-0ubuntu0.14.04.9) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9385 / XSA-193
      * x86/PV: writes of %fs and %gs base MSRs require canonical addresses
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9381 / XSA-197
      * xen: fix ioreq handling
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9637 / XSA-199
      * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
    - CVE-2016-9932 / XSA-200
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA.201
      * arm64: handle guest-generated EL1 asynchronous abort
      * arm64: handle async aborts delivered while at EL2
      * arm: crash the guest when it traps on external abort
      * arm32: handle async aborts delivered while at HYP
    - CVE-2016-10024 / XSA-202
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

 -- Stefan Bader <email address hidden>  Tue, 10 Jan 2017 16:47:39 +0100
Superseded in xenial-updates on 2017-03-23
Superseded in xenial-security on 2017-05-15
xen (4.6.0-1ubuntu4.3) xenial-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9385 / XSA-193
      * x86/PV: writes of %fs and %gs base MSRs require canonical addresses
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9377, CVE-2016-9378 / XSA-196
      * x86/emul: Correct the IDT entry calculation in inject_swint()
      * x86/svm: Fix injection of software interrupts
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9932 / XSA-200
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA.201
      * arm64: handle guest-generated EL1 asynchronous abort
      * arm64: handle async aborts delivered while at EL2
      * arm: crash the guest when it traps on external abort
      * arm32: handle async aborts delivered while at HYP
    - CVE-2016-10024 / XSA-202
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10025 / XSA-203
      * x86/HVM: add missing NULL check before using VMFUNC hook
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

 -- Stefan Bader <email address hidden>  Tue, 10 Jan 2017 15:07:06 +0100
Published in precise-updates on 2017-01-12
Published in precise-security on 2017-01-12
xen (4.1.6.1-0ubuntu0.12.04.13) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9381 / XSA-197
      * xen: fix ioreq handling
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9637 / XSA-199
      * qemu: ioport_read, ioport_write: be defensive about 32-bit addresses
    - CVE-2016-9932 / XSA-200
      * x86/emulator: add feature checks for newer instructions
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-10024 / XSA-202
      * x86: use MOV instead of PUSH/POP when saving/restoring register state
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

 -- Stefan Bader <email address hidden>  Wed, 11 Jan 2017 11:44:28 +0100
Superseded in yakkety-updates on 2017-03-23
Superseded in yakkety-security on 2017-05-15
xen (4.7.0-0ubuntu2.1) yakkety-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9385 / XSA-193
      * x86/PV: writes of %fs and %gs base MSRs require canonical addresses
    - CVE-2016-9384 / XSA-194
      * libelf: fix stack memory leak when loading 32 bit symbol tables
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9377, CVE-2016-9378 / XSA-196
      * x86/emul: Correct the IDT entry calculation in inject_swint()
      * x86/svm: Fix injection of software interrupts
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9932 / XSA-200
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA.201
      * arm64: handle guest-generated EL1 asynchronous abort
      * arm64: handle async aborts delivered while at EL2
      * arm: crash the guest when it traps on external abort
      * arm32: handle async aborts delivered while at HYP
    - CVE-2016-10024 / XSA-202
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10025 / XSA-203
      * x86/HVM: add missing NULL check before using VMFUNC hook
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

 -- Stefan Bader <email address hidden>  Mon, 09 Jan 2017 17:29:33 +0100
Superseded in precise-updates on 2017-01-12
Superseded in precise-security on 2017-01-12
xen (4.1.6.1-0ubuntu0.12.04.12) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-6258 / XSA-182
      * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath
    - CVE-2016-5403 / XSA-184
      * virtio: error out if guest exceeds virtqueue size
    - CVE-2016-7092 / XSA-185
      * x86/32on64: don't allow recursive page tables from L3
    - CVE-2016-7094 / XSA-187
      * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[]
      * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
    - CVE-2016-7777 / XSA-190
      * x86emul: honor guest CR0.TS and CR0.EM

 -- Stefan Bader <email address hidden>  Thu, 06 Oct 2016 16:14:26 +0200
Superseded in trusty-updates on 2017-01-12
Superseded in trusty-security on 2017-01-12
xen (4.4.2-0ubuntu0.14.04.7) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-6258 / XSA-182
      * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath
    - CVE-2016-5403 / XSA-184
      * virtio: error out if guest exceeds virtqueue size
    - CVE-2016-7092 / XSA-185
      * x86/32on64: don't allow recursive page tables from L3
    - CVE-2016-7094 / XSA-187
      * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[]
      * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
    - CVE-2016-7154 / XSA-188
      * evtchn-fifo: prevent use after free
    - CVE-2016-7777 / XSA-190
      * x86emul: honor guest CR0.TS and CR0.EM

 -- Stefan Bader <email address hidden>  Thu, 06 Oct 2016 15:56:51 +0200
Superseded in xenial-updates on 2017-01-12
Superseded in xenial-security on 2017-01-12
xen (4.6.0-1ubuntu4.2) xenial-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-6258 / XSA-182
      * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath
    - CVE-2016-6259 / XSA-183
      * x86/entry: Avoid SMAP violation in compat_create_bounce_frame()
    - CVE-2016-7092 / XSA-185
      * x86/32on64: don't allow recursive page tables from L3
    - CVE-2016-7094 / XSA-187
      * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[]
      * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
    - CVE-2016-7777 / XSA-190
      * x86emul: honor guest CR0.TS and CR0.EM

 -- Stefan Bader <email address hidden>  Thu, 06 Oct 2016 15:32:01 +0200
Superseded in zesty-release on 2017-02-13
Obsolete in yakkety-release on 2018-01-23
Deleted in yakkety-proposed on 2018-01-23 (Reason: moved to release)
xen (4.7.0-0ubuntu2) yakkety; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-6258 / XSA-182
      * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath
    - CVE-2016-6259 / XSA-183
      * x86/entry: Avoid SMAP violation in compat_create_bounce_frame()
    - CVE-2016-7092 / XSA-185
      * x86/32on64: don't allow recursive page tables from L3
    - CVE-2016-7093 / XSA-186
      * x86/emulate: Correct boundary interactions of emulated instructions
      * hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual
        boundary
    - CVE-2016-7094 / XSA-187
      * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[]
      * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
    - CVE-2016-7777 / XSA-190
      * x86emul: honor guest CR0.TS and CR0.EM

 -- Stefan Bader <email address hidden>  Thu, 06 Oct 2016 15:24:46 +0200

Available diffs

Superseded in yakkety-release on 2016-10-07
Deleted in yakkety-proposed on 2016-10-09 (Reason: moved to release)
xen (4.7.0-0ubuntu1) yakkety; urgency=low

  * Rebasing to upstream Xen release 4.7 (LP: #1621618)
    - Renamed all *-4.6* files into *-4.7*. Also moved references within
      various files from 4.6 to 4.7.
    - Follow previous abiname patches to create individual run-time libs
      for the versioned libxen package for libxencall, libxenevtchn,
      libxenforeignmemory, libxengnttab, and libxentoollog.
    - Modified debian/libxen-dev.install to pick up the additional headers
      and drop one which is no longer present. And also add the new libs.
    - Refreshed Debian patchesS
    - Dropped transitional packages <4.6, added a set for 4.6.
    - Dropped tools-allow-configure-time-choice-of-libexec-subdire.patch
      (upstream)
    - Dropped ubuntu-config-prefix-fix.patch (unnecessary)
    - Dropped all security patches since those were all included in
      the new upstream release.
    - Added fix for FTBS on Arm due to unused static variables and
      hardening flags turned on.
    - Switched dependencies of sysvinit scripts from libvirt-bin to
      libvirtd.
    - Added modprobe for xen-acpi-processor (no auto-load alias) to
      xenstrore init script. Otherwise there is no frequency scaling
      if the driver is compiled as a module.
    - Added proposed upstream fix for regression to save PV guests
      with more than 1G of memory.

Available diffs

Obsolete in wily-updates on 2018-01-22
Obsolete in wily-security on 2018-01-22
xen (4.5.1-0ubuntu1.4) wily-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-3158, CVE-2016-3159 / XSA-172
      * x86: fix information leak on AMD CPUs
    - CVE-2016-3960 / XSA-173
      * x86: limit GFNs to 32 bits for shadowed superpages.
    - CVE-2016-4962 / XSA-175
      * libxl: Record backend/frontend paths in /libxl/$DOMID
      * libxl: Provide libxl__backendpath_parse_domid
      * libxl: Do not trust frontend in libxl__devices_destroy
      * libxl: Do not trust frontend in libxl__device_nextid
      * libxl: Do not trust frontend for disk eject event
      * libxl: Do not trust frontend for disk in getinfo
      * libxl: Do not trust frontend for vtpm list
      * libxl: Do not trust frontend for vtpm in getinfo
      * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic
      * libxl: Do not trust frontend for nic in getinfo
      * libxl: Do not trust frontend for channel in list
      * libxl: Do not trust frontend for channel in getinfo
      * libxl: Cleanup: Have libxl__alloc_vdev use /libxl
      * libxl: Document ~/serial/ correctly
    - CVE-2016-4480 / XSA-176
      * x86/mm: fully honor PS bits in guest page table walks
    - CVE-2016-4963 / XSA-178
      * libxl: Make copy of every xs backend in /libxl in _generic_add
      * libxl: Do not trust backend in libxl__device_exists
      * libxl: Do not trust backend for vtpm in getinfo (except uuid)
      * libxl: Do not trust backend for vtpm in getinfo (uuid)
      * libxl: cdrom eject and insert: write to /libxl
      * libxl: Do not trust backend for disk eject vdev
      * libxl: Do not trust backend for disk; fix driver domain disks list
      * libxl: Do not trust backend for disk in getinfo
      * libxl: Do not trust backend for cdrom insert
      * libxl: Do not trust backend for channel in getinfo
      * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore
      * libxl: Rename READ_BACKEND to READ_LIBXLDEV
      * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path
      * libxl: Do not trust backend in nic getinfo
      * libxl: Do not trust backend for nic in devid_to_device
      * libxl: Do not trust backend for nic in list
      * libxl: Do not trust backend in channel list
      * libxl: Cleanup: use libxl__backendpath_parse_domid in
               libxl__device_disk_from_xs_be
      * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename
    - CVE-2016-5242 / XSA-181
      * xen/arm: Don't free p2m->first_level in p2m_teardown() before
                 it has been allocated

 -- Stefan Bader <email address hidden>  Thu, 30 Jun 2016 10:05:26 +0200
Superseded in yakkety-release on 2016-10-01
Deleted in yakkety-proposed on 2016-10-04 (Reason: moved to release)
xen (4.6.0-1ubuntu5) yakkety; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-3158, CVE-2016-3159 / XSA-172
      * x86: fix information leak on AMD CPUs
    - CVE-2016-3960 / XSA-173
      * x86: limit GFNs to 32 bits for shadowed superpages.
    - CVE-2016-4962 / XSA-175
      * libxl: Record backend/frontend paths in /libxl/$DOMID
      * libxl: Provide libxl__backendpath_parse_domid
      * libxl: Do not trust frontend in libxl__devices_destroy
      * libxl: Do not trust frontend in libxl__device_nextid
      * libxl: Do not trust frontend for disk eject event
      * libxl: Do not trust frontend for disk in getinfo
      * libxl: Do not trust frontend for vtpm list
      * libxl: Do not trust frontend for vtpm in getinfo
      * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic
      * libxl: Do not trust frontend for nic in getinfo
      * libxl: Do not trust frontend for channel in list
      * libxl: Do not trust frontend for channel in getinfo
      * libxl: Cleanup: Have libxl__alloc_vdev use /libxl
      * libxl: Document ~/serial/ correctly
    - CVE-2016-4480 / XSA-176
      * x86/mm: fully honor PS bits in guest page table walks
    - CVE-2016-4963 / XSA-178
      * libxl: Make copy of every xs backend in /libxl in _generic_add
      * libxl: Do not trust backend in libxl__device_exists
      * libxl: Do not trust backend for vtpm in getinfo (except uuid)
      * libxl: Do not trust backend for vtpm in getinfo (uuid)
      * libxl: cdrom eject and insert: write to /libxl
      * libxl: Do not trust backend for disk eject vdev
      * libxl: Do not trust backend for disk; fix driver domain disks list
      * libxl: Do not trust backend for disk in getinfo
      * libxl: Do not trust backend for cdrom insert
      * libxl: Do not trust backend for channel in getinfo
      * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore
      * libxl: Rename READ_BACKEND to READ_LIBXLDEV
      * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path
      * libxl: Do not trust backend in nic getinfo
      * libxl: Do not trust backend for nic in devid_to_device
      * libxl: Do not trust backend for nic in list
      * libxl: Do not trust backend in channel list
      * libxl: Cleanup: use libxl__backendpath_parse_domid in
               libxl__device_disk_from_xs_be
      * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename
    - CVE-2016-5242 / XSA-181
      * xen/arm: Don't free p2m->first_level in p2m_teardown() before
                 it has been allocated

 -- Stefan Bader <email address hidden>  Tue, 07 Jun 2016 16:30:19 +0200

Available diffs

Superseded in precise-updates on 2016-10-11
Superseded in precise-security on 2016-10-11
xen (4.1.6.1-0ubuntu0.12.04.11) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2013-2212 / XSA-060
      * VMX: disable EPT when !cpu_has_vmx_pat
      * VMX: remove the problematic set_uc_mode logic
      * VMX: fix cr0.cd handling
    - CVE-2016-3158, CVE-2016-3159 / XSA-172
      * x86: fix information leak on AMD CPUs
    - CVE-2016-3960 / XSA-173
      * x86: limit GFNs to 32 bits for shadowed superpages.
      * x86/HVM: correct CPUID leaf 80000008 handling
    - CVE-2016-4480 / XSA-176
      * x86/mm: fully honor PS bits in guest page table walks
    - CVE-2016-3710 / XSA-179 (qemu traditional)
      * vga: fix banked access bounds checking
      * vga: add vbe_enabled() helper
      * vga: factor out vga register setup
      * vga: update vga register setup on vbe changes
      * vga: make sure vga register setup for vbe stays intact
    - CVE-2014-3672 / XSA-180 (qemu traditional)
      * main loop: Big hammer to fix logfile disk DoS in Xen setups

 -- Stefan Bader <email address hidden>  Tue, 07 Jun 2016 20:01:06 +0200
Superseded in trusty-updates on 2016-10-11
Superseded in trusty-security on 2016-10-11
xen (4.4.2-0ubuntu0.14.04.6) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-3158, CVE-2016-3159 / XSA-172
      * x86: fix information leak on AMD CPUs
    - CVE-2016-3960 / XSA-173
      * x86: limit GFNs to 32 bits for shadowed superpages.
    - CVE-2016-4962 / XSA-175
      * libxl: Record backend/frontend paths in /libxl/$DOMID
      * libxl: Provide libxl__backendpath_parse_domid
      * libxl: Do not trust frontend in libxl__devices_destroy
      * libxl: Do not trust frontend in libxl__device_nextid
      * libxl: Do not trust frontend for disk eject event
      * libxl: Do not trust frontend for disk in getinfo
      * libxl: Do not trust frontend for vtpm list
      * libxl: Do not trust frontend for vtpm in getinfo
      * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic
      * libxl: Do not trust frontend for nic in getinfo
      * libxl: Cleanup: Have libxl__alloc_vdev use /libxl
      * libxl: Document ~/serial/ correctly
    - CVE-2016-4480 / XSA-176
      * x86/mm: fully honor PS bits in guest page table walks
    - CVE-2016-4963 / XSA-178
      * libxl: Do not trust backend for vtpm in getinfo (except uuid)
      * libxl: Do not trust backend for vtpm in getinfo (uuid)
      * libxl: cdrom eject and insert: write to /libxl
      * libxl: Do not trust backend for disk eject vdev
      * libxl: Do not trust backend for disk; fix driver domain disks list
      * libxl: Do not trust backend for disk in getinfo
      * libxl: Do not trust backend for cdrom insert
      * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore
      * libxl: Rename READ_BACKEND to READ_LIBXLDEV
      * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path
      * libxl: Do not trust backend in nic getinfo
      * libxl: Do not trust backend for nic in devid_to_device
      * libxl: Do not trust backend for nic in list
      * libxl: Cleanup: use libxl__backendpath_parse_domid in
               libxl__device_disk_from_xs_be
      * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename
    - CVE-2016-3710 / XSA-179 (qemu traditional)
      * vga: fix banked access bounds checking
      * vga: add vbe_enabled() helper
      * vga: factor out vga register setup
      * vga: update vga register setup on vbe changes
      * vga: make sure vga register setup for vbe stays intact
    - CVE-2014-3672 / XSA-180 (qemu traditional)
      * main loop: Big hammer to fix logfile disk DoS in Xen setups
    - CVE-2016-5242 / XSA-181
      * xen/arm: Don't free p2m->first_level in p2m_teardown() before
                 it has been allocated

 -- Stefan Bader <email address hidden>  Mon, 06 Jun 2016 14:17:35 +0200
Superseded in xenial-updates on 2016-10-11
Superseded in xenial-security on 2016-10-11
xen (4.6.0-1ubuntu4.1) xenial-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-3158, CVE-2016-3159 / XSA-172
      * x86: fix information leak on AMD CPUs
    - CVE-2016-3960 / XSA-173
      * x86: limit GFNs to 32 bits for shadowed superpages.
    - CVE-2016-4962 / XSA-175
      * libxl: Record backend/frontend paths in /libxl/$DOMID
      * libxl: Provide libxl__backendpath_parse_domid
      * libxl: Do not trust frontend in libxl__devices_destroy
      * libxl: Do not trust frontend in libxl__device_nextid
      * libxl: Do not trust frontend for disk eject event
      * libxl: Do not trust frontend for disk in getinfo
      * libxl: Do not trust frontend for vtpm list
      * libxl: Do not trust frontend for vtpm in getinfo
      * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic
      * libxl: Do not trust frontend for nic in getinfo
      * libxl: Do not trust frontend for channel in list
      * libxl: Do not trust frontend for channel in getinfo
      * libxl: Cleanup: Have libxl__alloc_vdev use /libxl
      * libxl: Document ~/serial/ correctly
    - CVE-2016-4480 / XSA-176
      * x86/mm: fully honor PS bits in guest page table walks
    - CVE-2016-4963 / XSA-178
      * libxl: Make copy of every xs backend in /libxl in _generic_add
      * libxl: Do not trust backend in libxl__device_exists
      * libxl: Do not trust backend for vtpm in getinfo (except uuid)
      * libxl: Do not trust backend for vtpm in getinfo (uuid)
      * libxl: cdrom eject and insert: write to /libxl
      * libxl: Do not trust backend for disk eject vdev
      * libxl: Do not trust backend for disk; fix driver domain disks list
      * libxl: Do not trust backend for disk in getinfo
      * libxl: Do not trust backend for cdrom insert
      * libxl: Do not trust backend for channel in getinfo
      * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore
      * libxl: Rename READ_BACKEND to READ_LIBXLDEV
      * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path
      * libxl: Do not trust backend in nic getinfo
      * libxl: Do not trust backend for nic in devid_to_device
      * libxl: Do not trust backend for nic in list
      * libxl: Do not trust backend in channel list
      * libxl: Cleanup: use libxl__backendpath_parse_domid in
               libxl__device_disk_from_xs_be
      * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename
    - CVE-2016-5242 / XSA-181
      * xen/arm: Don't free p2m->first_level in p2m_teardown() before
                 it has been allocated

 -- Stefan Bader <email address hidden>  Wed, 01 Jun 2016 11:10:47 +0200
Superseded in precise-updates on 2016-06-14
Superseded in precise-security on 2016-06-14
xen (4.1.6.1-0ubuntu0.12.04.10) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-2270 / XSA-154
      * x86: make get_page_from_l1e() return a proper error code
      * x86: make mod_l1_entry() return a proper error code
      * x86/mm: fix mod_l1_entry() return value when encountering r/o MMIO
        page
      * x86: enforce consistent cachability of MMIO mappings
    - CVE-2016-1570 / XSA-167
      * x86/mm: PV superpage handling lacks sanity checks
    - CVE-2016-1571 / XSA-168
      * x86/VMX: prevent INVVPID failure due to non-canonical guest address
    - CVE-2015-8615 / XSA-169
      * x86: make debug output consistent in hvm_set_callback_via
    - CVE-2016-2271 / XSA-170
      * x86/VMX: sanitize rIP before re-entering guest

 -- Stefan Bader <email address hidden>  Thu, 25 Feb 2016 09:25:57 +0100
Superseded in wily-updates on 2016-07-05
Superseded in wily-security on 2016-07-05
xen (4.5.1-0ubuntu1.3) wily-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-2270 / XSA-154
      * x86: enforce consistent cachability of MMIO mappings
    - CVE-2016-1570 / XSA-167
      * x86/mm: PV superpage handling lacks sanity checks
    - CVE-2016-1571 / XSA-168
      * x86/VMX: prevent INVVPID failure due to non-canonical guest address
    - CVE-2015-8615 / XSA-169
      * x86: make debug output consistent in hvm_set_callback_via
    - CVE-2016-2271 / XSA-170
      * x86/VMX: sanitize rIP before re-entering guest

 -- Stefan Bader <email address hidden>  Tue, 23 Feb 2016 22:18:08 +0100
Superseded in trusty-updates on 2016-06-14
Superseded in trusty-security on 2016-06-14
xen (4.4.2-0ubuntu0.14.04.5) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2016-2270 / XSA-154
      * x86: enforce consistent cachability of MMIO mappings
    - CVE-2016-1570 / XSA-167
      * x86/mm: PV superpage handling lacks sanity checks
    - CVE-2016-1571 / XSA-168
      * x86/VMX: prevent INVVPID failure due to non-canonical guest address
    - CVE-2015-8615 / XSA-169
      * x86: make debug output consistent in hvm_set_callback_via
    - CVE-2016-2271 / XSA-170
      * x86/VMX: sanitize rIP before re-entering guest

 -- Stefan Bader <email address hidden>  Tue, 23 Feb 2016 22:16:17 +0100
Superseded in yakkety-release on 2016-06-14
Published in xenial-release on 2016-02-19
Deleted in xenial-proposed (Reason: moved to release)
xen (4.6.0-1ubuntu4) xenial; urgency=low

  * d/rules.real: Set LANG=C.UTF-8 for the builds to avoid a grep bug.

Superseded in xenial-proposed on 2016-02-19
xen (4.6.0-1ubuntu3) xenial; urgency=low

  * Fix unmount error message on shutdown and init script ordering issues:
    - d/xen-utils-common.xenstored.init: Introduce new init script which only
      starts xenstored (but also shuts it down on stop). Prevent this one to
      be run on upgrade.
    - d/xen-utils-common.xen.init:
      * Add X-Start-Before/X-Stop-After dependencies on libvirt-bin
      * Remove xenstored related code
  * d/scripts/xen-init-list: Revert back to unmodified version from Debian.
    With the ordering fixed, libvirt guests should be handled by its own
    script before xendomains is run.
  * d/control, d/libxen-dev.install and d/rules.real:
    Add xenlight.pc and xlutil.pc to be packaged as part of libxen-dev in
    multi-arch suitable location. Also declare libxen-dev as multi-arch
    same.
  * Additional Security Patches:
    - CVE-2016-2270 / XSA-154
      * x86: enforce consistent cachability of MMIO mappings
    - CVE-2016-1570 / XSA-167
      * x86/mm: PV superpage handling lacks sanity checks
    - CVE-2016-1571 / XSA-168
      * x86/VMX: prevent INVVPID failure due to non-canonical guest address
    - CVE-2015-8615 / XSA-169
      * x86: make debug output consistent in hvm_set_callback_via
    - CVE-2016-2271 / XSA-170
      * x86/VMX: sanitize rIP before re-entering guest

 -- Stefan Bader <email address hidden>  Thu, 18 Feb 2016 18:20:38 +0100

Available diffs

Superseded in xenial-release on 2016-02-19
Deleted in xenial-proposed on 2016-02-20 (Reason: moved to release)
xen (4.6.0-1ubuntu2) xenial; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-8550 / XSA-155
      * xen: Add RING_COPY_REQUEST()
      * blktap2: Use RING_COPY_REQUEST
      * libvchan: Read prod/cons only once.
    - CVE-2015-8338 / XSA-158
      * memory: split and tighten maximum order permitted in memops
    - CVE-2015-8339, CVE-2015-8340 / XSA-159
      * memory: fix XENMEM_exchange error handling
    - CVE-2015-8341 / XSA-160
      * libxl: Fix bootloader-related virtual memory leak on pv
        build failure
    - CVE-2015-8555 / XSA-165
      * x86: don't leak ST(n)/XMMn values to domains first using them
    - CVE-2015-???? / XSA-166
      * x86/HVM: avoid reading ioreq state more than once

 -- Stefan Bader <email address hidden>  Wed, 16 Dec 2015 12:06:10 +0100

Available diffs

Superseded in trusty-updates on 2016-02-25
Superseded in trusty-security on 2016-02-25
xen (4.4.2-0ubuntu0.14.04.4) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-8550 / XSA-155
      * blkif: Avoid double access to src->nr_segments
      * xenfb: avoid reading twice the same fields from the shared page
      * xen: Add RING_COPY_REQUEST()
      * blktap2: Use RING_COPY_REQUEST
      * libvchan: Read prod/cons only once.
    - CVE-2015-8338 / XSA-158
      * memory: split and tighten maximum order permitted in memops
    - CVE-2015-8339, CVE-2015-8340 / XSA-159
      * memory: fix XENMEM_exchange error handling
    - CVE-2015-8341 / XSA-160
      * libxl: Fix bootloader-related virtual memory leak on pv
        build failure
    - CVE-2015-7504 / XSA-162
      * net: pcnet: add check to validate receive data size
    - CVE-2015-8554 / XSA-164
      * MSI-X: avoid array overrun upon MSI-X table writes
    - CVE-2015-8555 / XSA-165
      * x86: don't leak ST(n)/XMMn values to domains first using them
    - CVE-2015-???? / XSA-166
      * x86/HVM: avoid reading ioreq state more than once

 -- Stefan Bader <email address hidden>  Wed, 16 Dec 2015 18:26:30 +0100
Obsolete in vivid-updates on 2018-01-18
Obsolete in vivid-security on 2018-01-18
xen (4.5.0-1ubuntu4.4) vivid-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-8550 / XSA-155
      * xen: Add RING_COPY_REQUEST()
      * blktap2: Use RING_COPY_REQUEST
      * libvchan: Read prod/cons only once.
    - CVE-2015-8338 / XSA-158
      * memory: split and tighten maximum order permitted in memops
    - CVE-2015-8339, CVE-2015-8340 / XSA-159
      * memory: fix XENMEM_exchange error handling
    - CVE-2015-8341 / XSA-160
      * libxl: Fix bootloader-related virtual memory leak on pv
        build failure
    - CVE-2015-8555 / XSA-165
      * x86: don't leak ST(n)/XMMn values to domains first using them
    - CVE-2015-???? / XSA-166
      * x86/HVM: avoid reading ioreq state more than once

 -- Stefan Bader <email address hidden>  Wed, 16 Dec 2015 16:09:20 +0100
Superseded in precise-updates on 2016-02-25
Superseded in precise-security on 2016-02-25
xen (4.1.6.1-0ubuntu0.12.04.8) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-8550 / XSA-155
      * blkif: Avoid double access to src->nr_segments
      * xenfb: avoid reading twice the same fields from the shared page
      * xen: Add RING_COPY_REQUEST()
      * blktap2: Use RING_COPY_REQUEST
    - CVE-2015-8339, CVE-2015-8340 / XSA-159
      * memory: fix XENMEM_exchange error handling
    - CVE-2015-7504 / XSA-162
      * net: pcnet: add check to validate receive data size
    - CVE-2015-8554 / XSA-164
      * MSI-X: avoid array overrun upon MSI-X table writes
    - CVE-2015-8555 / XSA-165
      * x86: don't leak ST(n)/XMMn values to domains first using them
    - CVE-2015-???? / XSA-166
      * x86/HVM: avoid reading ioreq state more than once

 -- Stefan Bader <email address hidden>  Wed, 16 Dec 2015 18:27:20 +0100
Superseded in wily-updates on 2016-02-25
Superseded in wily-security on 2016-02-25
xen (4.5.1-0ubuntu1.2) wily-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-8550 / XSA-155
      * xen: Add RING_COPY_REQUEST()
      * blktap2: Use RING_COPY_REQUEST
      * libvchan: Read prod/cons only once.
    - CVE-2015-8338 / XSA-158
      * memory: split and tighten maximum order permitted in memops
    - CVE-2015-8339, CVE-2015-8340 / XSA-159
      * memory: fix XENMEM_exchange error handling
    - CVE-2015-8341 / XSA-160
      * libxl: Fix bootloader-related virtual memory leak on pv
        build failure
    - CVE-2015-8555 / XSA-165
      * x86: don't leak ST(n)/XMMn values to domains first using them
    - CVE-2015-???? / XSA-166
      * x86/HVM: avoid reading ioreq state more than once

 -- Stefan Bader <email address hidden>  Wed, 16 Dec 2015 18:24:35 +0100
Superseded in xenial-release on 2015-12-17
Deleted in xenial-proposed on 2015-12-18 (Reason: moved to release)
xen (4.6.0-1ubuntu1) xenial; urgency=low

  * Merge of Xen-4.6 from Debian. Remaining changes:
    - debian/control, debian/rules.gen:
      Generate transitional xen-hypervisor packages.
    - debian/rules.real:
      Install the grub.d config file.
    - debian/scripts/xen-init-list:
      Ignore libxl guests not created by the xl toolstack (e.g. libvirt).
    - debian/tree/xen-utils-common/usr/share/xen-utils-common/default.xen:
      Minor readability improvements (maybe get rid of those)
    - debian/xen-hypervisor-4.6.xen.cfg:
      Additional config file to simplify grub configuration.
    - debian/xen-utils-4.6.postinst, debian/xen-utils-4.6.prerm:
      Remove update-alternatives call.
    - debian/xen-utils-common.xen.init:
      Fix consoled_stop_real and additional code to start and attach a
      qemu instance to dom0 (needed for pygrub booting QCOW2 PVM guests).
      Note: Also contains a work-around for a kernel bug which should be
      dropped in the next release.
    - debian/patches/ubuntu-config-prefix-fix.patch:
      Modifies configure and tools/configure to use the correct (versioned)
      libexec path.
    - Additional security fixes:
      * XSA-156 / CVE-2015-5307
        x86/HVM: always intercept #AC and #DB

 -- Stefan Bader <email address hidden>  Wed, 02 Dec 2015 18:57:48 +0100

Available diffs

Superseded in precise-updates on 2015-12-17
Superseded in precise-security on 2015-12-17
xen (4.1.6.1-0ubuntu0.12.04.7) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-7835 / XSA-148
      * x86: guard against undue super page PTE creation
    - CVE-2015-7969 / XSA-149
      * xen: free domain's vcpu array
    - CVE-2015-7970 / XSA-150
      * x86/PoD: Eager sweep for zeroed pages
    - CVE-2015-7969 / XSA-151
      * xenoprof: free domain's vcpu array
    - CVE-2015-7971 / XSA-152
      * x86: rate-limit logging in do_xen{oprof,pmu}_op()
    - CVE-2015-7972 / XSA-153
      * libxl: adjust PoD target by memory fudge, too
    - CVE-2015-5307 / XSA-156
      * x86/HVM: always intercept #AC and #DB

 -- Stefan Bader <email address hidden>  Mon, 23 Nov 2015 11:57:02 +0100
Superseded in xenial-release on 2015-12-07
Deleted in xenial-proposed on 2015-12-09 (Reason: moved to release)
xen (4.5.1-0ubuntu2) xenial; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-7311 / XSA-142
      * libxl: handle read-only drives with qemu-xen
    - CVE-2015-7812 / XSA-145
      * xen/arm: Support hypercall_create_continuation for multicall
    - CVE-2015-7813 / XSA-146
      * xen: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP.
    - CVE-2015-7814 / XSA-147
      * xen: arm: handle races between relinquish_memory and
        free_domheap_pages
    - CVE-2015-7835 / XSA-148
      * x86: guard against undue super page PTE creation
    - CVE-2015-7969 / XSA-149
      * xen: free domain's vcpu array
    - CVE-2015-7970 / XSA-150
      * x86/PoD: Eager sweep for zeroed pages
    - CVE-2015-7969 / XSA-151
      * xenoprof: free domain's vcpu array
    - CVE-2015-7971 / XSA-152
      * x86: rate-limit logging in do_xen{oprof,pmu}_op()
    - CVE-2015-7972 / XSA-153
      * libxl: adjust PoD target by memory fudge, too
    - CVE-2015-5307 / XSA-156
      * x86/HVM: always intercept #AC and #DB

 -- Stefan Bader <email address hidden>  Tue, 03 Nov 2015 08:39:07 -0600

Available diffs

Superseded in trusty-updates on 2015-12-17
Superseded in trusty-security on 2015-12-17
xen (4.4.2-0ubuntu0.14.04.3) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-7311 / XSA-142
      * libxl: handle read-only drives with qemu-xen
    - CVE-2015-7812 / XSA-145
      * xen/arm: Support hypercall_create_continuation for multicall
    - CVE-2015-7813 / XSA-146
      * xen: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP.
    - CVE-2015-7814 / XSA-147
      * xen: arm: handle races between relinquish_memory and
        free_domheap_pages
    - CVE-2015-7835 / XSA-148
      * x86: guard against undue super page PTE creation
    - CVE-2015-7969 / XSA-149
      * xen: free domain's vcpu array
    - CVE-2015-7970 / XSA-150
      * x86/PoD: Eager sweep for zeroed pages
    - CVE-2015-7969 / XSA-151
      * xenoprof: free domain's vcpu array
    - CVE-2015-7971 / XSA-152
      * x86: rate-limit logging in do_xen{oprof,pmu}_op()
    - CVE-2015-7972 / XSA-153
      * libxl: adjust PoD target by memory fudge, too
    - CVE-2015-5307 / XSA-156
      * x86/HVM: always intercept #AC and #DB

 -- Stefan Bader <email address hidden>  Tue, 03 Nov 2015 15:18:39 -0600
Superseded in wily-updates on 2015-12-17
Superseded in wily-security on 2015-12-17
xen (4.5.1-0ubuntu1.1) wily-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-7311 / XSA-142
      * libxl: handle read-only drives with qemu-xen
    - CVE-2015-7812 / XSA-145
      * xen/arm: Support hypercall_create_continuation for multicall
    - CVE-2015-7813 / XSA-146
      * xen: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP.
    - CVE-2015-7814 / XSA-147
      * xen: arm: handle races between relinquish_memory and
        free_domheap_pages
    - CVE-2015-7835 / XSA-148
      * x86: guard against undue super page PTE creation
    - CVE-2015-7969 / XSA-149
      * xen: free domain's vcpu array
    - CVE-2015-7970 / XSA-150
      * x86/PoD: Eager sweep for zeroed pages
    - CVE-2015-7969 / XSA-151
      * xenoprof: free domain's vcpu array
    - CVE-2015-7971 / XSA-152
      * x86: rate-limit logging in do_xen{oprof,pmu}_op()
    - CVE-2015-7972 / XSA-153
      * libxl: adjust PoD target by memory fudge, too
    - CVE-2015-5307 / XSA-156
      * x86/HVM: always intercept #AC and #DB

 -- Stefan Bader <email address hidden>  Tue, 03 Nov 2015 08:39:07 -0600
Superseded in vivid-updates on 2015-12-17
Superseded in vivid-security on 2015-12-17
xen (4.5.0-1ubuntu4.3) vivid-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-7311 / XSA-142
      * libxl: handle read-only drives with qemu-xen
    - CVE-2015-7812 / XSA-145
      * xen/arm: Support hypercall_create_continuation for multicall
    - CVE-2015-7813 / XSA-146
      * xen: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP.
    - CVE-2015-7814 / XSA-147
      * xen: arm: handle races between relinquish_memory and
        free_domheap_pages
    - CVE-2015-7835 / XSA-148
      * x86: guard against undue super page PTE creation
    - CVE-2015-7969 / XSA-149
      * xen: free domain's vcpu array
    - CVE-2015-7970 / XSA-150
      * x86/PoD: Eager sweep for zeroed pages
    - CVE-2015-7969 / XSA-151
      * xenoprof: free domain's vcpu array
    - CVE-2015-7971 / XSA-152
      * x86: rate-limit logging in do_xen{oprof,pmu}_op()
    - CVE-2015-7972 / XSA-153
      * libxl: adjust PoD target by memory fudge, too
    - CVE-2015-5307 / XSA-156
      * x86/HVM: always intercept #AC and #DB

 -- Stefan Bader <email address hidden>  Tue, 03 Nov 2015 15:11:34 -0600
Superseded in xenial-release on 2015-11-10
Obsolete in wily-release on 2018-01-22
Deleted in wily-proposed on 2018-01-22 (Reason: moved to release)
xen (4.5.1-0ubuntu1) wily; urgency=low

  * New upstream stable release (4.5.1)
    - Replacing the following security changes by upstream versions:
      * CVE-2014-3969 / XSA-98 (update),
        CVE-2015-0268 / XSA-117, CVE-2015-1563 / XSA-118,
        CVE-2015-2152 / XSA-119, CVE-2015-2044 / XSA-121,
        CVE-2015-2045 / XSA-122, CVE-2015-2151 / XSA-123,
        CVE-2015-2752 / XSA-125, CVE-2015-2751 / XSA-127
    - Included security changes which where not yet applied:
      * CVE-2015-4163 / XSA-134, CVE-2015-4164 / XSA-136
  * Applying additional Xen Security Advisories:
    - CVE-2015-3259 / XSA-137
      * xl: Sane handling of extra config file arguments
    - CVE-2015-6654 / XSA-141
      * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn

 -- Stefan Bader <email address hidden>  Wed, 02 Sep 2015 16:37:39 +0200

Available diffs

Superseded in precise-updates on 2015-11-23
Superseded in precise-security on 2015-11-23
xen (4.1.6.1-0ubuntu0.12.04.6) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2014-5146 / XSA-097
      * Combine hap/shadow and log_dirty_log
      * x86/mm/hap: Adjust vram tracking to play nicely with log-dirty.
      * x86/paging: make log-dirty operations preemptible
    - CVE-2015-2752 / XSA-125
      * Limit XEN_DOMCTL_memory_mapping hypercall to only process up to 64
        GFNs (or less)
    - CVE-2015-2756 / XSA-126 (QEMU traditional)
      * xen: limit guest control of PCI command register
    - CVE-2015-4103 / XSA-128
      * properly gate host writes of modified PCI CFG contents
    - CVE-2015-4104 / XSA-129
      * xen: don't allow guest to control MSI mask register
    - CVE-2015-4105 / XSA-130
      * xen/MSI-X: disable logging by default
    - CVE-2015-4106 / XSA-131
      * xen/MSI: don't open-code pass-through of enable bit modifications
      * xen/pt: consolidate PM capability emu_mask
      * xen/pt: correctly handle PM status bit
      * xen/pt: split out calculation of throughable mask in PCI config space
        handling
      * xen/pt: mark all PCIe capability bits read-only
      * xen/pt: mark reserved bits in PCI config space fields
      * xen/pt: add a few PCI config space field descriptions
      * xen/pt: unknown PCI config space fields should be read-only
    - CVE-2015-3340 / XSA-132
      * domctl/sysctl: don't leak hypervisor stack to toolstacks
    - CVE-2015-3456 / XSA-133
      * qemut: fdc: force the fifo access to be in bounds of the
        allocated buffer
    - CVE-2015-3209 / XSA-135
      * pcnet: fix Negative array index read
      * pcnet: force the buffer access to be in bounds during tx
    - CVE-2015-4164 / XSA-136
      * x86/traps: loop in the correct direction in compat_iret()
    - CVE-2015-3259 / XSA-137
      * xl: Sane handling of extra config file arguments
    - CVE-2015-5154 / XSA-138
      * ide: Check array bounds before writing to io_buffer
      * ide: Clear DRQ after handling all expected accesses
    - CVE-2015-5165 / XSA-140
      * rtl8139: avoid nested ifs in IP header parsing
      * rtl8139: drop tautologous if (ip) {...} statement
      * rtl8139: skip offload on short Ethernet/IP header
      * rtl8139: check IP Header Length field
      * rtl8139: check IP Total Length field
      * rtl8139: skip offload on short TCP header
      * rtl8139: check TCP Data Offset field

 -- Stefan Bader <email address hidden>  Wed, 01 Apr 2015 16:38:31 +0200
Superseded in trusty-updates on 2015-11-10
Superseded in trusty-security on 2015-11-10
xen (4.4.2-0ubuntu0.14.04.2) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-4103 / XSA-128
      * properly gate host writes of modified PCI CFG contents
    - CVE-2015-4104 / XSA-129
      * xen: don't allow guest to control MSI mask register
    - CVE-2015-4105 / XSA-130
      * xen/MSI-X: disable logging by default
    - CVE-2015-4106 / XSA-131
      * xen/MSI: don't open-code pass-through of enable bit modifications
      * xen/pt: consolidate PM capability emu_mask
      * xen/pt: correctly handle PM status bit
      * xen/pt: split out calculation of throughable mask in PCI config space
        handling
      * xen/pt: mark all PCIe capability bits read-only
      * xen/pt: mark reserved bits in PCI config space fields
      * xen/pt: add a few PCI config space field descriptions
      * xen/pt: unknown PCI config space fields should be read-only
    - CVE-2015-4163 / XSA-134
      * gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
    - CVE-2015-3209 / XSA-135
      * pcnet: fix Negative array index read
      * pcnet: force the buffer access to be in bounds during tx
    - CVE-2015-4164 / XSA-136
      * x86/traps: loop in the correct direction in compat_iret()
    - CVE-2015-3259 / XSA-137
      * xl: Sane handling of extra config file arguments
    - CVE-2015-5154 / XSA-138
      * ide: Check array bounds before writing to io_buffer
      * ide: Clear DRQ after handling all expected accesses
    - CVE-2015-5165 / XSA-140
      * rtl8139: avoid nested ifs in IP header parsing
      * rtl8139: drop tautologous if (ip) {...} statement
      * rtl8139: skip offload on short Ethernet/IP header
      * rtl8139: check IP Header Length field
      * rtl8139: check IP Total Length field
      * rtl8139: skip offload on short TCP header
      * rtl8139: check TCP Data Offset field
    - CVE-2015-6654 / XSA-141
      * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn

 -- Stefan Bader <email address hidden>  Mon, 31 Aug 2015 11:11:36 +0200
Superseded in vivid-updates on 2015-11-10
Superseded in vivid-security on 2015-11-10
xen (4.5.0-1ubuntu4.2) vivid-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-4163 / XSA-134
      * gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
    - CVE-2015-4164 / XSA-136
      * x86/traps: loop in the correct direction in compat_iret()
    - CVE-2015-3259 / XSA-137
      * xl: Sane handling of extra config file arguments
    - CVE-2015-6654 / XSA-141
      * xen/arm: mm: Do not dump the p2m when mapping a foreign gfn

 -- Stefan Bader <email address hidden>  Mon, 31 Aug 2015 10:40:03 +0200
Superseded in trusty-updates on 2015-09-02
Deleted in trusty-proposed on 2015-09-04 (Reason: moved to -updates)
xen (4.4.2-0ubuntu0.14.04.1) trusty; urgency=low

  * Updating to lastest upstream stable release 4.4.2 (LP: #1476666)
    - Replacing the following security changes by upstream versions:
      * CVE-2014-5146, CVE-2014-5149 / XSA-97,
        CVE-2014-3969, CVE-2015-2290 / XSA-98 (additional fix),
        CVE-2014-7154 / XSA-104, CVE-2014-7155 / XSA-105,
        CVE-2014-7156 / XSA-106, CVE-2014-6268 / XSA-107,
        CVE-2014-7188 / XSA-108, CVE-2014-8594 / XSA-109,
        CVE-2014-8595 / XSA-110, CVE-2014-8866 / XSA-111,
        CVE-2014-8867 / XSA-112, CVE-2014-9030 / XSA-113,
        CVE-2014-9065, CVE-2014-9066 / XSA-114,
        CVE-2015-0361 / XSA-116, CVE-2015-1563 / XSA-118,
        CVE-2015-2152 / XSA-119, CVE-2015-2044 / XSA-121,
        CVE-2015-2045 / XSA-122, CVE-2015-2151 / XSA-123
  * Refreshed d/p/version.patch to fix some fuzz when applying. No
    functional change.

 -- Stefan Bader <email address hidden>  Mon, 20 Jul 2015 11:34:38 +0200
Obsolete in utopic-updates on 2016-11-03
Obsolete in utopic-security on 2016-11-03
xen (4.4.1-0ubuntu0.14.10.6) utopic-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-3340 / XSA-132
      * domctl/sysctl: don't leak hypervisor stack to toolstacks
    - CVE-2015-3456 / XSA-133
      * qemut: fdc: force the fifo access to be in bounds of the
        allocated buffer

 -- Stefan Bader <email address hidden>  Wed, 13 May 2015 16:33:47 +0200
Superseded in trusty-updates on 2015-08-20
Superseded in trusty-security on 2015-09-02
xen (4.4.1-0ubuntu0.14.04.6) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-3340 / XSA-132
      * domctl/sysctl: don't leak hypervisor stack to toolstacks
    - CVE-2015-3456 / XSA-133
      * qemut: fdc: force the fifo access to be in bounds of the
        allocated buffer

 -- Stefan Bader <email address hidden>  Wed, 13 May 2015 16:38:10 +0200
Superseded in vivid-updates on 2015-09-02
Superseded in vivid-security on 2015-09-02
xen (4.5.0-1ubuntu4.1) vivid-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-3340 / XSA-132
      * domctl/sysctl: don't leak hypervisor stack to toolstacks

 -- Stefan Bader <email address hidden>  Wed, 13 May 2015 16:30:06 +0200
Superseded in trusty-updates on 2015-05-20
Superseded in trusty-security on 2015-05-20
xen (4.4.1-0ubuntu0.14.04.5) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    * CVE-2014-5146 / XSA-97 (HAP, reworked)
      - x86/paging: make log-dirty operations preemptible
    * CVE-2015-2752 / XSA-125
      - Limit XEN_DOMCTL_memory_mapping hypercall to only process up
        to 64 GFNs (or less)
    * CVE-2015-2756 / XSA-126 (qemu-dm)
      - xen: limit guest control of PCI command register
    * CVE-2015-2751 / XSA-127
      - domctl: don't allow a toolstack domain to call domain_pause() on
        itself
 -- Stefan Bader <email address hidden>   Tue, 07 Apr 2015 11:42:08 +0200
Superseded in utopic-updates on 2015-05-20
Superseded in utopic-security on 2015-05-20
xen (4.4.1-0ubuntu0.14.10.5) utopic-security; urgency=low

  * Applying Xen Security Advisories:
    * CVE-2014-5146 / XSA-97 (HAP, reworked)
      - x86/paging: make log-dirty operations preemptible
    * CVE-2015-2752 / XSA-125
      - Limit XEN_DOMCTL_memory_mapping hypercall to only process up
        to 64 GFNs (or less)
    * CVE-2015-2756 / XSA-126 (qemu-dm)
      - xen: limit guest control of PCI command register
    * CVE-2015-2751 / XSA-127
      - domctl: don't allow a toolstack domain to call domain_pause() on
        itself
 -- Stefan Bader <email address hidden>   Tue, 07 Apr 2015 14:32:08 +0200
Superseded in wily-release on 2015-09-07
Obsolete in vivid-release on 2018-01-18
Deleted in vivid-proposed on 2018-01-19 (Reason: moved to release)
xen (4.5.0-1ubuntu4) vivid; urgency=low

  * Applying Xen Security Advisories:
    * CVE-2014-3969 / XSA-98 (update)
      - xen: arm: correct arm64 version of gva_to_ma_par
    * CVE-2015-2752 / XSA-125
      - Limit XEN_DOMCTL_memory_mapping hypercall to only process up
        to 64 GFNs (or less)
    * CVE-2015-2751 / XSA-127
      - domctl: don't allow a toolstack domain to call domain_pause() on
        itself
 -- Stefan Bader <email address hidden>   Wed, 08 Apr 2015 10:10:27 +0200

Available diffs

Superseded in vivid-release on 2015-04-09
Deleted in vivid-proposed on 2015-04-10 (Reason: moved to release)
xen (4.5.0-1ubuntu3) vivid; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-0268 / XSA-117
      * xen/arm: vgic-v2: Don't crash the hypervisor if the SGI
        target mode is invalid
    - CVE-2015-1563 / XSA-118
      * xen/arm: vgic: message in the emulation code should be
        rate-limited
    - CVE-2015-2152 / XSA-119
      * tools: libxl: Explicitly disable graphics backends on qemu
        cmdline
    - CVE-2015-2044 / XSA-121
      * x86/HVM: return all ones on wrong-sized reads of system device I/O
        ports
    - CVE-2015-2045 / XSA-122
      * pre-fill structures for certain HYPERVISOR_xen_version sub-ops
    - CVE-2015-2151 / XSA-123
      * x86emul: fully ignore segment override for register-only operations
 -- Stefan Bader <email address hidden>   Wed, 04 Mar 2015 12:34:49 +0100

Available diffs

Superseded in utopic-updates on 2015-04-08
Superseded in utopic-security on 2015-04-08
xen (4.4.1-0ubuntu0.14.10.4) utopic-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2014-9065, CVE-2014-9066 / XSA-114
      * switch to write-biased r/w locks
    - CVE-2015-0361 / XSA-116
      * x86/HVM: prevent use-after-free when destroying a domain
    - CVE-2015-1563 / XSA-118
      * xen/arm: vgic: message in the emulation code should be
        rate-limited
    - CVE-2015-2152 / XSA-119
      * tools: libxl: Explicitly disable graphics backends on qemu
        cmdline
    - CVE-2015-2044 / XSA-121
      * x86/HVM: return all ones on wrong-sized reads of system device I/O
        ports
    - CVE-2015-2045 / XSA-122
      * pre-fill structures for certain HYPERVISOR_xen_version sub-ops
    - CVE-2015-2151 / XSA-123
      * x86emul: fully ignore segment override for register-only operations
 -- Stefan Bader <email address hidden>   Wed, 04 Mar 2015 12:20:04 +0100
Superseded in precise-updates on 2015-09-02
Superseded in precise-security on 2015-09-02
xen (4.1.6.1-0ubuntu0.12.04.5) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2015-2152 / XSA-119
      * tools: libxl: Explicitly disable graphics backends on qemu
        cmdline
    - CVE-2015-2044 / XSA-121
      * x86/HVM: return all ones on wrong-sized reads of system device I/O
        ports
    - CVE-2015-2045 / XSA-122
      * pre-fill structures for certain HYPERVISOR_xen_version sub-ops
    - CVE-2015-2151 / XSA-123
      * x86emul: fully ignore segment override for register-only operations
 -- Stefan Bader <email address hidden>   Wed, 04 Mar 2015 10:59:53 +0100
Superseded in trusty-updates on 2015-04-08
Superseded in trusty-security on 2015-04-08
xen (4.4.1-0ubuntu0.14.04.4) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2014-9065, CVE-2014-9066 / XSA-114
      * switch to write-biased r/w locks
    - CVE-2015-0361 / XSA-116
      * x86/HVM: prevent use-after-free when destroying a domain
    - CVE-2015-1563 / XSA-118
      * xen/arm: vgic: message in the emulation code should be
        rate-limited
    - CVE-2015-2152 / XSA-119
      * tools: libxl: Explicitly disable graphics backends on qemu
        cmdline
    - CVE-2015-2044 / XSA-121
      * x86/HVM: return all ones on wrong-sized reads of system device I/O
        ports
    - CVE-2015-2045 / XSA-122
      * pre-fill structures for certain HYPERVISOR_xen_version sub-ops
    - CVE-2015-2151 / XSA-123
      * x86emul: fully ignore segment override for register-only operations
 -- Stefan Bader <email address hidden>   Wed, 04 Mar 2015 12:14:36 +0100
Superseded in vivid-release on 2015-03-12
Deleted in vivid-proposed on 2015-03-13 (Reason: moved to release)
xen (4.5.0-1ubuntu2) vivid; urgency=low

  * Really add a transitional package for xen-hypervisor-4.4-amd64 for
    i386.
 -- Stefan Bader <email address hidden>   Fri, 27 Feb 2015 15:47:49 +0100

Available diffs

Superseded in vivid-release on 2015-02-27
Deleted in vivid-proposed on 2015-02-28 (Reason: moved to release)
xen (4.5.0-1ubuntu1) vivid; urgency=low

  * Merge lastest upstream release from Debian experimental. Remaining
    changes:
    - d/rules.real:
      * Remove reference to OCAMLDESTDIR [minor cleanup]
      * Install xen.cfg into /etc/default/grub.d
      * Declare transitional packages for hypervisor.
    - d/rules.gen:
      * Add rules for transitional hypervisor packages.
    - d/scripts/xen-init-list:
      * Ignore domains not managed by xl (also works around a bug in
        xl list -l).
    - d/tree/xen-utils-common/usr/share/xen-utils-common/default.xen:
      * Add a little more explanation to a config file.
    - d/xen-hypervisor-4.5.xen.cfg
    - d/xen-utils-4.5.postinst and d/xen-utils-4.5.prerm:
      * Remove call to update-alternatives since we did not have those
        created in any release in the upgrade-path.
    - d/xen-utils-common.xen.init (picked from Debian packaging xen.git):
      * Fix removal of xenconsoled pid file.
      * Add code to start a qemu process for dom0.
      * Replace xenstore-writes by xen-init-dom0 call.
 -- Stefan Bader <email address hidden>   Thu, 22 Jan 2015 11:35:47 +0100

Available diffs

Superseded in utopic-updates on 2015-03-12
Deleted in utopic-proposed on 2015-03-13 (Reason: moved to -updates)
xen (4.4.1-0ubuntu0.14.10.3) utopic; urgency=low

  * d/xen-utils-common.xen.init: Update script to start a QEMU process for
    dom0. (LP: #1396068)
 -- Stefan Bader <email address hidden>   Thu, 11 Dec 2014 18:23:20 +0100
Superseded in trusty-updates on 2015-03-12
Deleted in trusty-proposed on 2015-03-13 (Reason: moved to -updates)
xen (4.4.1-0ubuntu0.14.04.3) trusty; urgency=low

  * d/xen-utils-common.xen.init: Update script to start a QEMU process for
    dom0. (LP: #1396068)
 -- Stefan Bader <email address hidden>   Thu, 11 Dec 2014 18:36:54 +0100
Superseded in vivid-release on 2015-02-26
Deleted in vivid-proposed on 2015-03-01 (Reason: moved to release)
xen (4.4.1-3ubuntu2) vivid; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2014-8594 / XSA-109
      * x86: don't allow page table updates on non-PV page tables in
        do_mmu_update()
    - CVE-2014-8595 / XSA-110
      * x86emul: enforce privilege level restrictions when loading CS
    - CVE-2014-8866 / XSA-111
      * x86: limit checks in hypercall_xlat_continuation() to actual arguments
    - CVE-2014-8867 / XSA-112
      * x86/HVM: confine internally handled MMIO to solitary regions
    - CVE-2014-9030 / XSA-113
      * x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE
  * Pulling in Debian change to start qemu in dom0 (LP: #1396068)
  * Picking up Debian change to recommend grub-xen-host from xen-utils.
  * Picking up Debian change to really include xen-init-name.
 -- Stefan Bader <email address hidden>   Wed, 19 Nov 2014 13:47:12 +0100

Available diffs

Superseded in trusty-updates on 2015-01-05
Superseded in trusty-security on 2015-03-12
xen (4.4.1-0ubuntu0.14.04.2) trusty-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2013-3495 / XSA-59
      * VT-d: suppress UR signaling for further desktop chipsets
    - CVE-2014-8594 / XSA-109
      * x86: don't allow page table updates on non-PV page tables in
        do_mmu_update()
    - CVE-2014-8595 / XSA-110
      * x86emul: enforce privilege level restrictions when loading CS
    - CVE-2014-8866 / XSA-111
      * x86: limit checks in hypercall_xlat_continuation() to actual arguments
    - CVE-2014-8867 / XSA-112
      * x86/HVM: confine internally handled MMIO to solitary regions
    - CVE-2014-9030 / XSA-113
      * x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE
 -- Stefan Bader <email address hidden>   Fri, 21 Nov 2014 13:49:20 +0100
Superseded in precise-updates on 2015-03-12
Superseded in precise-security on 2015-03-12
xen (4.1.6.1-0ubuntu0.12.04.4) precise-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2014-8594 / XSA-109
      * x86: don't allow page table updates on non-PV page tables in
        do_mmu_update()
    - CVE-2014-8595 / XSA-110
      * x86emul: enforce privilege level restrictions when loading CS
    - CVE-2014-8866 / XSA-111
      * x86: limit checks in hypercall_xlat_continuation() to actual arguments
    - CVE-2014-8867 / XSA-112
      * x86/HVM: confine internally handled MMIO to solitary regions
    - CVE-2014-9030 / XSA-113
      * x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE
 -- Stefan Bader <email address hidden>   Fri, 21 Nov 2014 15:29:19 +0100
Superseded in utopic-updates on 2015-01-05
Superseded in utopic-security on 2015-03-12
xen (4.4.1-0ubuntu0.14.10.2) utopic-security; urgency=low

  * Applying Xen Security Advisories:
    - CVE-2013-3495 / XSA-59
      * VT-d: suppress UR signaling for further desktop chipsets
    - CVE-2014-8594 / XSA-109
      * x86: don't allow page table updates on non-PV page tables in
        do_mmu_update()
    - CVE-2014-8595 / XSA-110
      * x86emul: enforce privilege level restrictions when loading CS
    - CVE-2014-8866 / XSA-111
      * x86: limit checks in hypercall_xlat_continuation() to actual arguments
    - CVE-2014-8867 / XSA-112
      * x86/HVM: confine internally handled MMIO to solitary regions
    - CVE-2014-9030 / XSA-113
      * x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE
 -- Stefan Bader <email address hidden>   Wed, 19 Nov 2014 14:22:02 +0100
175 of 166 results