xen (4.20.2+37-g61ff35323e-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/xen-team/debian-xen.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Repo size: 45207552
Browser: https://salsa.debian.org/xen-team/debian-xen
Last scan: 2026-04-15 08:40:09+00
Next scan: 2026-04-21 09:30:00+00
Open issues: 12
Merge requests: 1
CI pipeline status: success

Debian changelog in Git:

xen (4.20.2+37-g61ff35323e-1) unstable; urgency=medium

  * Update to new upstream version 4.20.2+37-g61ff35323e, which also contains
    security fixes for the following issues:
    - x86: buffer overrun with shadow paging + tracing
      XSA-477 CVE-2025-58150
    - x86: incomplete IBPB for vCPU isolation
      XSA-479 CVE-2026-23553
  * Note that the following XSA are not listed, because...
    - XSA-478 applies to XAPI which is not included in Debian
  * Pick upstream commit 1ecb5946bd ("xen/arm: Set ThumbEE as not present in
    PFR0") which is an additional fix for the ThumbEE commit picked in
    previous upload.

 -- Hans van Kranenburg <hans@knorrie.org>  Fri, 13 Feb 2026 20:43:00 +0100

This branch is even with tag archive/debian/4.20.2+37-g61ff35323e-1