Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1c9dda41 by Salvatore Bonaccorso at 2020-03-13T18:58:59+01:00
Mark amd64-microcode as no-dsa and drop from dsa-needed list
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -171222,6 +171222,7 @@ CVE-2017-5715 (Systems with microprocessors utilizing
speculative execution and
[stretch] - intel-microcode 3.20180425.1~deb9u1
[jessie] - intel-microcode 3.20180425.1~deb8u1
- amd64-microcode 3.20180515.1
+ [stretch] - amd64-microcode <no-dsa> (Can be fixed via point release)
NOTE: https://spectreattack.com/
NOTE: https://xenbits.xen.org/xsa/advisory-254.html
NOTE:
https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
=====================================
data/dsa-needed.txt
=====================================
@@ -11,13 +11,6 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
---
-amd64-microcode/oldstable (Anton Gladky)
- NOTE: 20200224: Missing IBPB feature for Spectre variant 2 mitigation
- NOTE: 20200224: (stretch only). (Kernel support was added in 2018.)
- NOTE: 20200224: The maintainer says version 3.20191218.1 can be
- NOTE: 20200224: backported to all stable releases.
- NOTE: 20200312: updated package is in testing phase
--
bluez (carnil)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c9dda4132363fd5b169a3aad5fec48a4e4d2f72
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c9dda4132363fd5b169a3aad5fec48a4e4d2f72
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
