On 19/05/2021 09:38, Moritz Muehlenhoff wrote:
Ola Lundqvist wrote:
I only briefly looked at the CVEs.
If you haven't even looked the issues properly don't waste other people's time.
Seems things got a bit prickly here, so I'm seeing if I can do some
coordinating to make things a bit smoother.
I believe that everyone involved, both you and Ola, had good motivations
behind their words.
I'm seeing the notes in the context of it being marked vulnerable (no
DSA) on buster:
[buster] - firmware-nonfree <no-dsa> (Non-free not supported)
Short of details:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
Per Intel, this was fixed by a firmware update. v49.0.1 of the
firmware is required. The new firmware requires a kernel patch
https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
Firmware was added via
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
Based on that, here are my takes Ola's questions might be:
1) Too invasive for this issue, but it's nice give people enough
information to deal with this themselves
2) Not really
3) The treatment of this issue on buster and stretch would be best to be
kept consistent unless there are pressing reasons to do otherwise
Moritz, is that compatible to your take on this?
Ola, does this help you on this topic?
--
Lynoure Braakman
