[CentOS-virt] Xen Security patching

Sat Nov 23 15:37:15 UTC 2013
Johnny Hughes <johnny at centos.org>

On 11/23/2013 06:33 AM, Johnny Hughes wrote:
> On 11/23/2013 06:24 AM, Johnny Hughes wrote:
>> On 11/22/2013 01:12 PM, Chris Elliott wrote:
>>> Hi Guys
>>>
>>> When is the next update of Hypervisor packages going to be released?
>>>
>>> There appears to be no changes to the main hypervisor RPMs since
>>> September (Even in the BETA / RC1 tree) and there are 5+ Xen Security
>>> Advisories with patches which need to be added.
>>>
>>> “Security issues are handled and released in sync with public
>>> disclosure upstream with zero lag”
>>>
>>> I can rebuild my own, but that’s not really the point. In other news
>>> I’ve been doing some testing of the 3.10 kernel and so far so good!
>>>
>> That is not true ...
>>
>> I updated testing RPMS into the rc1 tree and announced it here:
>>
>> http://lists.centos.org/pipermail/centos-virt/2013-November/003485.html
>>
>> If I can get at least one or 2 people to tell me this works, I'll push it.
>>
>> Thanks,
>> Johnny Hughes
> By not true, I mean that all XSAs that are applicable up to xsa-72 are
> in the xen-4.2.3-24 RPMS in the RC1 repo right now. I have gotten 0
> feedback since I released them. (xsa-62 through xsa-72)
>
> xsa-73, xsa-75, xsa-78 can be released now, but they are very new.

OK, a newer version of xen-4.2.3-25 now exists in xen-RC-1 ... this
includes xsa-73, xsa-75, and xsa-78

Please test and provide feedback so we can move these to production.

Thanks,
Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20131123/081e7644/attachment-0004.sig>