Hi Holger
On Wed, Dec 19, 2018 at 03:33:43PM +, Holger Levsen wrote:
> How are the Xen 4.4 fixes coming along?
In the meantime I was informed by Peter that finishing anything like a
usable backport is not feasible in a useful time frame.
I updated the security tracker now and marked all the
Hi, Holger,
> Holger Levsen hat am 19. Dezember 2018 um 16:33
> geschrieben:
> On Fri, Dec 07, 2018 at 01:32:49PM +0100, Peter Dreuw wrote:
>
> go to https://salsa.debian.org/security-tracker-team as a logged in user
> and you will see a button "request access" (unless you are already a
> membe
Hi Peter,
sorry for the delay in replying...
On Fri, Dec 07, 2018 at 01:32:49PM +0100, Peter Dreuw wrote:
> > Assuming (*) you will continue to work on xen DLAs: please apply to become
> > a project member of https://salsa.debian.org/security-tracker-team/ so
> > that you can push your commits di
Hi Holger, hi all,
On 06.12.18 21:49, Holger Levsen wrote:
>>> I assume it might also be a good idea if'd summarize the state
>>> of the various (CVE) issues in NOTEs in data/dla-needed.txt in
>>> security-tracker.git so that it's clearly visible in one location what
>>> the status of backporting
Hi Peter,
On Thu, Dec 06, 2018 at 10:45:29AM +0100, Peter Dreuw wrote:
> sorry for replying late. I picked up a cold and was out of office some
> days.
/me also waves with a jojo-cold (going up and down)
> > If some of the Spectre mitigations can't be backported, make a detailed
> > writeup of w
Hi Peter,
On Thu, Dec 06, 2018 at 12:35:32PM +0100, Peter Dreuw wrote:
> Hi Holger, hi all,
I've re-added the debian-lts list...
> On 05.12.18 18:58, Holger Levsen wrote:
> > yes, we should fix what's (sensibly) possible to fix in xen 4.4.
> >
> > So Peter, please go ahead and backport as much a
Hi Moritz, Hi all!
sorry for replying late. I picked up a cold and was out of office some
days.
On 28.11.18 22:44, Moritz Muehlenhoff wrote:
> On Wed, Nov 28, 2018 at 12:59:11PM +0100, Peter Dreuw wrote:
>> Hi out there,
>> Another option would be backporting the Xen
>> 4.8.4+xsa273+shim4.10.1+x
Hi Peter and everyone,
first of all, thank you all for contributing to this thread!
On Mon, Dec 03, 2018 at 08:40:08PM +, Ben Hutchings wrote:
> > If so, the other fixes are probably not to much work. But implementing
> > BTI fixes is a long and unknown road. I cannot give any reliable number
On Mon, 2018-12-03 at 15:49 -0500, Antoine Beaupré wrote:
> On 2018-12-03 20:40:08, Ben Hutchings wrote:
>
> [...]
>
> > I don't see this as an acceptable option for LTS. We could maybe add a
> > xen-4.8 package if it was popular in jessie-backports, but that doesn't
> > excuse us from having to
On 2018-12-03 20:40:08, Ben Hutchings wrote:
[...]
> I don't see this as an acceptable option for LTS. We could maybe add a
> xen-4.8 package if it was popular in jessie-backports, but that doesn't
> excuse us from having to support 4.4.
As I was repeatedly told during my work on Enigmail / Gnu
On Wed, 2018-11-28 at 12:59 +0100, Peter Dreuw wrote:
[...]
> While XSA-275 and XSA280 might be easy to apply the upstream fix,
> XSA-279 does not apply to the current Xen 4.4 state. XSA-279 does only
> affect after implementing the XSA-254 (Meltdown) fixes. From this
> perspective. XSA-279 could b
On 2018-11-28 22:44:52, Moritz Muehlenhoff wrote:
> On Wed, Nov 28, 2018 at 12:59:11PM +0100, Peter Dreuw wrote:
>> Hi out there,
>> Another option would be backporting the Xen
>> 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10 (and following) package from
>> Stretch to Jessie.
>
> What would be the point
On Wed, Nov 28, 2018 at 12:59:11PM +0100, Peter Dreuw wrote:
> Hi out there,
> Another option would be backporting the Xen
> 4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10 (and following) package from
> Stretch to Jessie.
What would be the point? If you migrate to a complete new Xen release,
then you ca
Hi out there,
as you might have noticed, we fixed many issues with Xen 4.4 in Jessie.
cf. https://security-tracker.debian.org/tracker/source-package/xen
With this, all current "trivial" cases are closed (ignoring the few arm
already marked no-DSA before the LTS support stepped in) These might be
14 matches
Mail list logo
