xen (4.11.4-1) unstable; urgency=medium

    This package version fixes a bug that would call the stop action on the
    xen init script when removing an obsolete xen-utils-V package for a Xen
    version V other than the currently running one. This results in stopping
    the xenconsoled process.

    If you just upgraded from Xen 4.8 (Stretch), this will happen when
    removing the xen-utils-4.8 package afterwards.

    The resulting situation can safely be repaired by calling the start action
    on the xen script again manually once to bring back the xenconsoled
    process. There will be no damage to running domUs.

    If you're upgrading from previous Xen 4.11 packages, no action is needed.

    Having these (or later) Xen 4.11 packages installed means that the bug
    will not trigger any more when removing xen-utils-4.11 after upgrading to
    a newer Xen version (e.g. 4.13) in the future.

 -- Hans van Kranenburg <hans@knorrie.org>  Tue, 26 May 2020 13:33:17 +0200

xen (4.11.1+92-g6c33308a8d-1) unstable; urgency=high

    This update contains the mitigations for the Microarchitectural Data
    Sampling speculative side channel attacks. Only Intel based processors are
    affected.

    Note that these fixes will only have effect when also loading updated cpu
    microcode with MD_CLEAR functionality. When using the intel-microcode
    package to include microcode in the dom0 initrd, it has to be loaded by
    Xen. Please refer to the hypervisor command line documentation about the
    'ucode=scan' option.

    For the fixes to be fully effective, it is currently also needed to disable
    hyper-threading, which can be done in BIOS settings, or by using smt=no on
    the hypervisor command line.

    Additional information is available in the upstream Xen security advisory:
    https://xenbits.xen.org/xsa/advisory-297.html

 -- Hans van Kranenburg <hans@knorrie.org>  Tue, 18 Jun 2019 09:50:19 +0200