
Bug#1033676: unblock: xen/4.17.0+74-g3eac216e6e-1



Control: retitle -1 unblock: xen/4.17.0+74-g3eac216e6e-1

On Sunday, 2 April 2023 21:51:11 CEST Sebastian Ramacher wrote:
> On 2023-03-29 23:27:11 +0200, Maximilian Engelhardt wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> > X-Debbugs-Cc: xen@packages.debian.org, maxi@daemonizer.de,
> > team@security.debian.org
> > Control: affects -1 + src:xen
> > 
> > Please approve an upload of xen to unstable and later unblock package
> > xen. See the "Other info" section below on why this is a pre-approval
> > request.
> 
> Please go ahead
> 
> Cheers

Thanks, xen/4.17.0+74-g3eac216e6e-1 has been uploaded to unstable and already 
built on all architectures.

> > [ Reason ]
> > Xen in bookworm (and unstable) is currently affected by CVE-2022-42331,
> > CVE-2022-42332, CVE-2022-42333 and CVE-2022-42334 (see #1033297).
> > 
> > [ Impact ]
> > The above mentioned CVEs are not fixed.
> > 
> > [ Tests ]
> > The Debian package is based only on upstream commits that have passed
> > the upstream automated tests.
> > The Debian package has been successfully tested by the xen packaging
> > team on their test machines.
> > 
> > [ Risks ]
> > There could be upstream changes unrelated to the above mentioned
> > security fixes that cause regressions. However upstream has an automated
> > testing machinery (osstest) that only allows a commit in the upstream
> > stable branch if all tests pass.
> > 
> > [ Checklist ]
> > 
> >   [x] all changes are documented in the d/changelog
> >   [x] I reviewed all changes and I approve them
> >   [x] attach debdiff against the package in testing
> > 
> > [ Other info ]
> > This security fix is based on the latest upstream stable-4.17 branch.
> > The branch in general only accepts bug fixes and does not allow new
> > features, so the changes there are mainly security and other bug fixes.
> > This does not exactly follow the "only targeted fixes" release policy,
> > so we are asking for a pre-approval.
> > The package we have prepared is exactly what we would have done as a
> > security update in a stable release, what we have historically done
> > together with the security team and are planning to continue to do.
> > As upstream does extensive automated testing on their stable branches
> > chances for unnoticed regressions are low. We believe this way the risk
> > for bugs is lower than trying to manually pick and adjust patches
> > without all the deep knowledge that upstream has. This approach is
> > similar to what the linux package is doing.
> > 
> > unblock xen/4.17.0+74-g3eac216e6e-1
> > 
> > Thanks
> > 
