Hi,

just a heads-up: I'm planning to fix those CVEs for LTS and ELTS, and fix them
in the order unstable -> bookworm -> bullseye -> buster -> stretch -> jessie.

For unstable, I plan to do an NMU.

Staging area will be my fork on salsa: 
https://salsa.debian.org/tobi/intel-microcode

Please shout if you'd like me to handle it differently.

Cheers,
-- 
tobi

On Wed, 15 Feb 2023 08:52:06 +0100 Salvatore Bonaccorso <[email protected]> 
wrote:
> Source: intel-microcode
> Version: 3.20221108.1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: [email protected], Debian Security Team 
> <[email protected]>
> Control: found -1 3.20220510.1~deb11u1
> Control: found -1 3.20220510.1~deb10u1
> 
> Hi,
> 
> The following vulnerabilities were published for intel-microcode.
> 
> CVE-2022-21216[0]:
> - INTEL-SA-00700
> 
> CVE-2022-33972[1]:
> - INTEL-SA-00730
> 
> CVE-2022-33196[2]:
> - INTEL-SA-00738
> 
> CVE-2022-38090[3]:
> - INTEL-SA-00767
> 
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2022-21216
>     https://www.cve.org/CVERecord?id=CVE-2022-21216
>     
>https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html
> [1] https://security-tracker.debian.org/tracker/CVE-2022-33972
>     https://www.cve.org/CVERecord?id=CVE-2022-33972
>     
>https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html
> [2] https://security-tracker.debian.org/tracker/CVE-2022-33196
>     https://www.cve.org/CVERecord?id=CVE-2022-33196
>     
>https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html
> [3] https://security-tracker.debian.org/tracker/CVE-2022-38090
>     https://www.cve.org/CVERecord?id=CVE-2022-38090
>     
>https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html
> [4] 
> https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
> 
> Regards,
> Salvatore
> 
> 

Reply via email to