[Git][security-tracker-team/security-tracker][master] Reserve DLA-3808-1 for intel-microcode

Tobias Frost (@tobi) Sat, 04 May 2024 08:16:26 -0700


Tobias Frost pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b2394717 by Tobias Frost at 2024-05-04T17:15:59+02:00
Reserve DLA-3808-1 for intel-microcode

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -17884,35 +17884,30 @@ CVE-2023-43490 (Incorrect calculation in microcode 
keying mechanism for some Int
        - intel-microcode 3.20240312.1 (bug #1066108)
        [bookworm] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        [bullseye] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
-       [buster] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-39368 (Protection mechanism failure of bus lock regulator for some 
Intel(R) P ...)
        - intel-microcode 3.20240312.1 (bug #1066108)
        [bookworm] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        [bullseye] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
-       [buster] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-38575 (Non-transparent sharing of return predictor targets between 
contexts i ...)
        - intel-microcode 3.20240312.1 (bug #1066108)
        [bookworm] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        [bullseye] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
-       [buster] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-22655 (Protection mechanism failure in some 3rd and 4th Generation 
Intel(R) X ...)
        - intel-microcode 3.20240312.1 (bug #1066108)
        [bookworm] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        [bullseye] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
-       [buster] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-28746 (Information exposure through microarchitectural state after 
transient  ...)
        - intel-microcode 3.20240312.1 (bug #1066108)
        [bookworm] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        [bullseye] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
-       [buster] - intel-microcode <postponed> (Decide after exposure on 
unstable for update)
        - linux 6.7.9-2
        [bookworm] - linux 6.1.82-1
        - xen <unfixed>


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[04 May 2024] DLA-3808-1 intel-microcode - security update
+       {CVE-2023-22655 CVE-2023-28746 CVE-2023-38575 CVE-2023-39368 
CVE-2023-43490}
+       [buster] - intel-microcode 3.20240312.1~deb10u1
 [04 May 2024] DLA-3807-1 glibc - security update
        {CVE-2024-2961}
        [buster] - glibc 2.28-10+deb10u3


=====================================
data/dla-needed.txt
=====================================
@@ -105,12 +105,6 @@ i2p
   NOTE: 20230809: Added by Front-Desk (Beuc)
   NOTE: 20230809: Experimental issue-based workflow: please self-assign and 
follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/28
 --
-intel-microcode (tobi)
-  NOTE: 20240502: Added by Front-Desk (Beuc)
-  NOTE: 20240502: Update being tested in unstable,
-  NOTE: 20240502: (CVE-2023-22655 CVE-2023-28746 CVE-2023-38575 CVE-2023-39368 
CVE-2023-43490)
-  NOTE: 20240502: Follow PU: #1068082 and #1068084 (Beuc/front-desk)
---
 jenkins-htmlunit-core-js
   NOTE: 20231231: Added by Front-Desk (lamby)
   NOTE: 20231231: Needs checking that this is definitely vulnerable: a quick 
glance



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23947176c7ede9a9b9260cbea8ad041a135fe44

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23947176c7ede9a9b9260cbea8ad041a135fe44
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-3808-1 for intel-microcode

Reply via email to