d/changelog: Update 4.11.1+92-g6c33308a8d-1

The +58 was never uploaded, so reuse the changelog entry.

Use urgency=high because this is a huge pile of security fixes.

diff --git a/debian/changelog b/debian/changelog
index f53e43f4319847b394a2ab3644a9bc67e46324cc..9c64ee1326dd4fa4c823012d123b5b10445cfe20 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,33 +1,37 @@
-xen (4.11.1+92-g6c33308a8d-1) UNRELEASED; urgency=medium
+xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high
 
-  * Update to new upstream version 4.11.1+92-g6c33308a8d.
-
- -- Hans van Kranenburg <hans@knorrie.org>  Tue, 18 Jun 2019 09:50:19 +0200
-
-xen (4.11.1+58-g3b062f5040-1) unstable; urgency=medium
-
-  * Update to new upstream version 4.11.1+58-g3b062f5040, which also
+  * Update to new upstream version 4.11.1+92-g6c33308a8d, which also
     contains the following security fixes:
     - Fix: grant table transfer issues on large hosts
-      XSA-284 (no CVE yet)
+      XSA-284 (no CVE yet) (Closes: #929991)
     - Fix: race with pass-through device hotplug
-      XSA-285 (no CVE yet)
+      XSA-285 (no CVE yet) (Closes: #929998)
     - Fix: x86: steal_page violates page_struct access discipline
-      XSA-287 (no CVE yet)
+      XSA-287 (no CVE yet) (Closes: #930001)
     - Fix: x86: Inconsistent PV IOMMU discipline
-      XSA-288 (no CVE yet)
+      XSA-288 (no CVE yet) (Closes: #929994)
     - Fix: missing preemption in x86 PV page table unvalidation
-      XSA-290 (no CVE yet)
+      XSA-290 (no CVE yet) (Closes: #929996)
     - Fix: x86/PV: page type reference counting issue with failed IOMMU update
-      XSA-291 (no CVE yet)
+      XSA-291 (no CVE yet) (Closes: #929995)
     - Fix: x86: insufficient TLB flushing when using PCID
-      XSA-292 (no CVE yet)
+      XSA-292 (no CVE yet) (Closes: #929993)
     - Fix: x86: PV kernel context switch corruption
-      XSA-293 (no CVE yet)
+      XSA-293 (no CVE yet) (Closes: #929999)
     - Fix: x86 shadow: Insufficient TLB flushing when using PCID
-      XSA-294 (no CVE yet)
+      XSA-294 (no CVE yet) (Closes: #929992)
+    - Fix: Microarchitectural Data Sampling speculative side channel
+      XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
+      (Closes: #929129)
+  * Note that the fixes for XSA-297 will only have effect when also loading
+    updated cpu microcode with MD_CLEAR functionality. When using the
+    intel-microcode package to include microcode in the dom0 initrd, it has to
+    be loaded by Xen. Please refer to the hypervisor command line
+    documentation about the 'ucode=scan' option.
+  * Fixes for XSA-295 "Unlimited Arm Atomics Operations" will be added in the
+    next upload.
 
- -- Hans van Kranenburg <hans@knorrie.org>  Mon, 13 May 2019 21:54:56 +0200
+ -- Hans van Kranenburg <hans@knorrie.org>  Tue, 18 Jun 2019 09:50:19 +0200
 
 xen (4.11.1+26-g87f51bf366-3) unstable; urgency=medium