Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: intel-microc...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:intel-microcode
I've uploaded intel-microcode to DELAYED/5, ETA will be Mar 17 ~18:00 CET
Please unblock package intel-microcode once it hits unstable.
The upload updates intel microcodes to target (See #1031334)
- INTEL-SA-00700: CVE-2022-21216
- INTEL-SA-00730: CVE-2022-33972
- INTEL-SA-00738: CVE-2022-33196
- INTEL-SA-00767: CVE-2022-38090
the CVEs are information disclosure via local access vulnerbilities and
potential privilege escalations.
I plan to provide updated packages for bullseye (security team in CC).
As well as LTS (buster) and ELTS (stretch an jessie) as part of the freexian
LTS/ELTS project)
To keep the fixes consistent, I'd like to let them flow from sid -> jessie…
[ Tests ]
I've tested that the package works on Intel hardware that I have access to.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock intel-microcode/3.20230214.1
--
tobi
diff -Nru intel-microcode-3.20221108.2/debian/changelog
intel-microcode-3.20230214.1/debian/changelog
--- intel-microcode-3.20221108.2/debian/changelog 2023-02-17
01:12:52.0 +0100
+++ intel-microcode-3.20230214.1/debian/changelog 2023-03-12
18:16:50.0 +0100
@@ -1,3 +1,52 @@
+intel-microcode (3.20230214.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream microcode datafile 20230214
+- Includes Fixes for: (Closes: #1031334)
+ - INTEL-SA-00700: CVE-2022-21216
+ - INTEL-SA-00730: CVE-2022-33972
+ - INTEL-SA-00738: CVE-2022-33196
+ - INTEL-SA-00767: CVE-2022-38090
+ * New Microcodes:
+sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
+sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
+sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e
+sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
+sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e
+ * Updated Microcodes:
+sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864
+sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888
+sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888
+sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696
+sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960
+sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792
+sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776
+sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800
+sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664
+sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816
+sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c
+sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
+sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c
+sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429
+sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112
+sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429
+sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x2424, size 20480
+sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424
+sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872
+sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c
+sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c
+
+ -- Tobias Frost Sun, 12 Mar 2023 18:16:50 +0100
+
intel-microcode (3.20221108.2) unstable; urgency=medium
* Move source and binary from non-free/admin to non-free-firmware/admin
Binary files /tmp/qNbFv9J1ty/intel-microcode-3.20221108.2/intel-ucode/06-55-03
and /tmp/Ekjb2KZejs/intel-microcode-3.20230214.1/intel-ucode/06-55-03 differ
Binary files /tmp/qNbFv9J1ty/intel-microcode-3.20221108.2/intel-ucode/06-55-06
and /tmp/Ekjb2KZejs/intel-microcode-3.20230214.1/intel-ucode/06-55-06 differ
Binary files /tmp/qNbFv9J1ty/intel-microcode-3.20221108.2/intel-ucode/06-55-07
and /tmp/Ekjb2KZejs/intel-microcode-3.20230214.1/intel-ucode/06-55-07 differ
Binary files /tmp/qNbFv9J1ty/intel-microcode-3.20221108.2/intel-ucode/06-55-0b