On 01/11/2022 15:28, Juergen Gross wrote:
> When destroying a domain, any stale permissions of the domain must be
> removed from the special nodes "@...", too. This was not done in the
> fix for XSA-322.
>
> Fixes: 496306324d8d ("tools/xenstore: revoke access rights for removed
> domains")
> Signed-off-by: Juergen Gross <jgr...@suse.com>
> Reviewed-by: Julien Grall <jgr...@amazon.com>
Henry, this one also ought to be considered for 4.17 at this point, as
it's a bugfix to security fix.
As noted in the cover letter, it is R-by already as it came up in
private, but was ultimately not included in the security content.
Thanks,
~Andrew
