CVS commit: pkgsrc/sysutils/xentools42

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/sysutils/xentools42
From: "Patrick Welche" <prlw1%netbsd.org@localhost>
Date: Sat, 22 Feb 2014 01:28:23 +0000

Module Name:    pkgsrc
Committed By:   prlw1
Date:           Sat Feb 22 01:28:23 UTC 2014

Modified Files:
        pkgsrc/sysutils/xentools42: Makefile distinfo
Removed Files:
        pkgsrc/sysutils/xentools42/patches: patch-libxc_xc_dom_h

Log Message:
Update xentools42 to 4.2.4

Removed patch-libxc_xc_dom_h: commited as cb08944a

This fixes the following critical vulnerabilities:

- CVE-2013-2212 / XSA-60 Excessive time to disable caching with HVM guests with
PCI passthrough
- CVE-2013-1442 / XSA-62 Information leak on AVX and/or LWP capable CPUs
- CVE-2013-4355 / XSA-63 Information leaks through I/O instruction emulation
- CVE-2013-4361 / XSA-66 Information leak through fbld instruction emulation
- CVE-2013-4368 / XSA-67 Information leak through outs instruction emulation
- CVE-2013-4369 / XSA-68 possible null dereference when parsing vif ratelimiting
 info
- CVE-2013-4370 / XSA-69 misplaced free in ocaml xc_vcpu_getaffinity stub
- CVE-2013-4371 / XSA-70 use-after-free in libxl_list_cpupool under memory press
ure
- CVE-2013-4375 / XSA-71 qemu disk backend (qdisk) resource leak
- CVE-2013-4416 / XSA-72 ocaml xenstored mishandles oversized message replies
- CVE-2013-4494 / XSA-73 Lock order reversal between page allocation and grant t
able locks
- CVE-2013-4553 / XSA-74 Lock order reversal between page_alloc_lock and mm_rwlo
ck
- CVE-2013-4551 / XSA-75 Host crash due to guest VMX instruction execution
- CVE-2013-4554 / XSA-76 Hypercalls exposed to privilege rings 1 and 2 of HVM gu
ests
- CVE-2013-6375 / XSA-78 Insufficient TLB flushing in VT-d (iommu) code
- CVE-2013-6400 / XSA-80 IOMMU TLB flushing may be inadvertently suppressed
- CVE-2013-6885 / XSA-82 Guest triggerable AMD CPU erratum may cause host hang
- CVE-2014-1642 / XSA-83 Out-of-memory condition yielding memory corruption duri
ng IRQ setup
- CVE-2014-1891 / XSA-84 integer overflow in several XSM/Flask hypercalls
- CVE-2014-1895 / XSA-85 Off-by-one error in FLASK_AVC_CACHESTAT hypercall
- CVE-2014-1896 / XSA-86 libvchan failure handling malicious ring indexes
- CVE-2014-1666 / XSA-87 PHYSDEVOP_{prepare,release}_msix exposed to unprivilege
d guests
- CVE-2014-1950 / XSA-88 use-after-free in xc_cpupool_getinfo() under memory pre
ssure

Apart from those there are many further bug fixes and improvements.


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 pkgsrc/sysutils/xentools42/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/sysutils/xentools42/distinfo
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/sysutils/xentools42/patches/patch-libxc_xc_dom_h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index