This bug was fixed in the package xen - 4.9.0-0ubuntu2

---------------
xen (4.9.0-0ubuntu2) artful; urgency=medium

  * Add libxendevicemodel references to d/libxen-dev.install

xen (4.9.0-0ubuntu1) artful; urgency=medium

  * Update to upstream 4.9.0 release.
    Changes include numerous bugfixes, including security fixes for:
    XSA-213 / CVE-2017-8903
    XSA-214 / CVE-2017-8904
    XSA-217 / CVE-2017-10912
    XSA-218 / CVE-2017-10913, CVE-2017-10914
    XSA-219 / CVE-2017-10915
    XSA-220 / CVE-2017-10916
    XSA-221 / CVE-2017-10917
    XSA-222 / CVE-2017-10918
    XSA-223 / CVE-2017-10919
    XSA-224 / CVE-2017-10920, CVE-2017-10921, CVE-2017-10922
    XSA-225 / CVE-2017-10923
  * Additional CVE's:
    - XSA-226 / CVE-2017-12135
    - XSA-227 / CVE-2017-12137
    - XSA-228 / CVE-2017-12136
    - XSA-230 / CVE-2017-12855
  * Additional fixes:
    - debian/rules.real:
      - Add a call to build common tool headers
      - Add a call to install common tool headers
    - Add checking of return values of asprintf calls.
      - d/p/ubuntu/tools-xs-test-hardening.patch
    - Add additional modifications for new libxendevicemodel
      - d/p/ubuntu/tools-libs-abiname.diff
    - Fix a segmentation fault when mmio_hole is set in hvm.cfg (from 4.9.y)
      - d/p/upstream-4.9.1-tools-libxl-Fix-a-segment-fault-when-mmio_hole...
    - Enable Local MCE feature
      - d/p/.../0001-x86-mce-make-mce-barriers-private-to-their-users.patch
      - d/p/.../0002-x86-mce-make-found_error-and-mce_fatal_cpus-private-.patch
      - d/p/.../0003-x86-mce-fix-comment-of-struct-mc_telem_cpu_ctl.patch
      - d/p/.../0004-x86-mce-allow-mce_barrier_-enter-exit-to-return-with.patch
      - d/p/.../0005-x86-mce-handle-host-LMCE.patch
      - d/p/.../0006-x86-mce_intel-detect-and-enable-LMCE-on-Intel-host.patch
      - d/p/.../0007-x86-domctl-generalize-the-restore-of-vMCE-parameters.patch
      - d/p/.../0008-x86-vmce-emulate-MSR_IA32_MCG_EXT_CTL.patch
      - d/p/.../0009-x86-vmce-enable-injecting-LMCE-to-guest-on-Intel-hos.patch
      - d/p/.../0010-x86-vmx-expose-LMCE-feature-via-guest-MSR_IA32_FEATU.patch
      - d/p/.../0011-x86-vmce-tools-libxl-expose-LMCE-capability-in-guest.patch
      - d/p/.../0012-x86-mce-add-support-of-vLMCE-injection-to-XEN_MC_inj.patch
    - Re-introduce (fake) xs_restrict call to keep libxenstore version at
      3.0 for now.
      - d/p/ubuntu/tools-fake-xs-restrict.patch
    - debian/libxenstore3.0.symbols:
      - Added xs_control_command
    - xen-4.9.0/debian/xen-hypervisor-4.9.xen.cfg:
      - Modified GRUB_DEFAULT setting to be dynamic (like update-grub does)
        which should handle non English environments (LP: #1321144)

xen (4.8.1-1+deb9u1) unstable; urgency=medium

  * Security fixes for XSA-213 (Closes:#861659) and XSA-214
    (Closes:#861660).  (Xen 4.7 and later is not affected by XSA-215.)

xen (4.8.1-1) unstable; urgency=high

  * Update to upstream 4.8.1 release.
    Changes include numerous bugfixes, including security fixes for:
      XSA-212 / CVE-2017-7228   Closes:#859560
      XSA-207 / no cve yet      Closes:#856229
      XSA-206 / no cve yet      no Debian bug

xen (4.8.1~pre.2017.01.23-1) unstable; urgency=medium

  * Update to current upstream stable-4.8 git branch (Xen 4.8.1-pre).
    Contains bugfixes.
  * debian/control-real etc.: debian.py: Allow version numbers like this.

 -- Stefan Bader <email address hidden>  Fri, 18 Aug 2017 17:22:20 +0200