diff -Nru libvirt-2.5.0/debian/changelog libvirt-2.5.0/debian/changelog --- libvirt-2.5.0/debian/changelog 2019-05-16 12:54:05.000000000 +0000 +++ libvirt-2.5.0/debian/changelog 2018-02-09 02:27:05.000000000 +0000 @@ -1,12 +1,3 @@ -libvirt (2.5.0-3ubuntu5.6~cloud3) xenial-ocata; urgency=medium - - * SECURITY UPDATE: Add support for md-clear functionality - - debian/patches/md-clear.patch: Define md-clear CPUID bit in - src/cpu/cpu_map.xml. - - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 - - -- Corey Bryant Thu, 16 May 2019 08:54:05 -0400 - libvirt (2.5.0-3ubuntu5.6~cloud2) xenial-ocata; urgency=medium * SECURITY UPDATE: Add support for Spectre mitigations diff -Nru libvirt-2.5.0/debian/patches/md-clear.patch libvirt-2.5.0/debian/patches/md-clear.patch --- libvirt-2.5.0/debian/patches/md-clear.patch 2019-05-16 12:54:05.000000000 +0000 +++ libvirt-2.5.0/debian/patches/md-clear.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,40 +0,0 @@ -Backport of: - -From 538d873571d7a682852dc1d70e5f4478f4d64e85 Mon Sep 17 00:00:00 2001 -From: Jiri Denemark -Date: Fri, 5 Apr 2019 15:11:20 +0200 -Subject: [PATCH] cpu_map: Define md-clear CPUID bit -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf8 -Content-Transfer-Encoding: 8bit - -CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 - -The bit is set when microcode provides the mechanism to invoke a flush -of various exploitable CPU buffers by invoking the VERW instruction. - -Signed-off-by: Paolo Bonzini -Signed-off-by: Jiri Denemark -Reviewed-by: Daniel P. BerrangÃ© ---- - src/cpu_map/x86_features.xml | 3 +++ - .../x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 2 +- - .../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 1 + - .../x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 1 + - .../x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 1 + - .../x86_64-cpuid-Xeon-Platinum-8268-guest.xml | 1 + - .../x86_64-cpuid-Xeon-Platinum-8268-host.xml | 1 + - 7 files changed, 9 insertions(+), 1 deletions(-) - ---- a/src/cpu/cpu_map.xml -+++ b/src/cpu/cpu_map.xml -@@ -268,6 +268,9 @@ - - - -+ -+ -+ - - - diff -Nru libvirt-2.5.0/debian/patches/series libvirt-2.5.0/debian/patches/series --- libvirt-2.5.0/debian/patches/series 2019-05-16 12:54:05.000000000 +0000 +++ libvirt-2.5.0/debian/patches/series 2018-02-09 02:27:05.000000000 +0000 @@ -81,4 +81,3 @@ CVE-2017-5715-ibrs-8.patch CVE-2017-5715-ibrs-9.patch CVE-2017-5715-ibrs-10.patch -md-clear.patch