On 19 February 2018 at 14:10, Greg Wooledge <wool...@eeg.ccf.org> wrote:

> On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En Ming
> wrote:
> > What are the patches that I can download and install to be protected
> > against the Meltdown and Spectre security vulnerabilities?
> Meltdown patch went out a month ago.
> Spectre, see here:
> https://security-tracker.debian.org/tracker/CVE-2017-5753

​Please excuse my extreme ignorance here, but there is something puzzling
me a bit in the spectre web page......

For the sid entry, the table says the following:

Source PackageReleaseVersionStatus
sid                                             4.15.4-1    vulnerable

I had thought up to now that e.g. kernel 4.15.4-1 was new enough that if
you compiled it with gcc 7.3 then the spectre fix would then work.

Does the status indicator here refer to the spectre problem?

If it does why does it say vulnerable?

Is there something else causing a problem or barrier here that means you
can't use gcc 7.3 with what seems to be source code for this kernel
(maybe it's not the kernel source, please correct me here) or some other
confounding factor here?




Reply via email to