Your message dated Fri, 24 Feb 2023 18:35:23 +0000
with message-id <[email protected]>
and subject line Bug#1031567: fixed in xen 4.17.0+46-gaaf74a532c-1
has caused the Debian Bug report #1031567,
regarding xen: CVE-2022-27672: XSA-426: x86: Cross-Thread Return Address Predictions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1031567: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031567
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: xen
Version: 4.17.0+24-g2f8851c37f-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for xen; filing with RC
severity (ideally to be fixed before the bookworm release):

CVE-2022-27672[0]:
| When SMT is enabled, certain AMD processors may speculatively execute
| instructions using a target from the sibling thread after an SMT mode
| switch potentially resulting in information disclosure.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-27672
    https://www.cve.org/CVERecord?id=CVE-2022-27672
[1] https://xenbits.xen.org/xsa/advisory-426.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xen
Source-Version: 4.17.0+46-gaaf74a532c-1
Done: Hans van Kranenburg <[email protected]>

We believe that the bug you reported is fixed in the latest version of
xen, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hans van Kranenburg <[email protected]> (supplier of updated xen package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 24 Feb 2023 18:06:42 +0100
Source: xen
Architecture: source
Version: 4.17.0+46-gaaf74a532c-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Xen Team <[email protected]>
Changed-By: Hans van Kranenburg <[email protected]>
Closes: 1031567
Changes:
 xen (4.17.0+46-gaaf74a532c-1) unstable; urgency=medium
 .
   * Update to new upstream version 4.17.0+46-gaaf74a532c, which also contains
     security fixes for the following issues:
      - x86: Cross-Thread Return Address Predictions
        XSA-426 CVE-2022-27672
        (Closes: #1031567)
   * debian/shuffle-boot-files: fix typo
   * debian/changelog: Fix bug number typo.
   * debian/changelog: Remove duplicate 'Note that'

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
