---
- branch: MAIN
  date: Fri Sep 26 10:39:32 UTC 2014
  files:
  - new: '1.8'
    old: '1.7'
    path: pkgsrc/sysutils/xenkernel42/Makefile
    pathrev: pkgsrc/sysutils/xenkernel42/Makefile@1.8
    type: modified
  - new: '1.6'
    old: '1.5'
    path: pkgsrc/sysutils/xenkernel42/distinfo
    pathrev: pkgsrc/sysutils/xenkernel42/distinfo@1.6
    type: modified
  - new: '1.1'
    old: '0'
    path: pkgsrc/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c
    pathrev: pkgsrc/sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c
    pathrev: pkgsrc/sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c@1.1
    type: added
  - new: '1.12'
    old: '1.11'
    path: pkgsrc/sysutils/xentools42/distinfo
    pathrev: pkgsrc/sysutils/xentools42/distinfo@1.12
    type: modified
  id: 20140926T103932Z.631fd566dad9758de93cb8d4e3a6f9b0ed2c8fbf
  log: |
    Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
    CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
    CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
      created
    CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
    CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

    pkgsrc also includes patches from the Xen Security Advisory:
    XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
    XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
      LIDT, and LMSW emulation
    XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
      of software interrupts
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/sysutils'
  unixtime: '1411727972'
  user: bouyer