Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits: b2394717 by Tobias Frost at 2024-05-04T17:15:59+02:00 Reserve DLA-3808-1 for intel-microcode - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -17884,35 +17884,30 @@ CVE-2023-43490 (Incorrect calculation in microcode keying mechanism for some Int - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update) [bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update) - [buster] - intel-microcode <postponed> (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-39368 (Protection mechanism failure of bus lock regulator for some Intel(R) P ...) - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update) [bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update) - [buster] - intel-microcode <postponed> (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-38575 (Non-transparent sharing of return predictor targets between contexts i ...) - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update) [bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update) - [buster] - intel-microcode <postponed> (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-22655 (Protection mechanism failure in some 3rd and 4th Generation Intel(R) X ...) - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update) [bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update) - [buster] - intel-microcode <postponed> (Decide after exposure on unstable for update) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312 CVE-2023-28746 (Information exposure through microarchitectural state after transient ...) - intel-microcode 3.20240312.1 (bug #1066108) [bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update) [bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update) - [buster] - intel-microcode <postponed> (Decide after exposure on unstable for update) - linux 6.7.9-2 [bookworm] - linux 6.1.82-1 - xen <unfixed> ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[04 May 2024] DLA-3808-1 intel-microcode - security update + {CVE-2023-22655 CVE-2023-28746 CVE-2023-38575 CVE-2023-39368 CVE-2023-43490} + [buster] - intel-microcode 3.20240312.1~deb10u1 [04 May 2024] DLA-3807-1 glibc - security update {CVE-2024-2961} [buster] - glibc 2.28-10+deb10u3 ===================================== data/dla-needed.txt ===================================== @@ -105,12 +105,6 @@ i2p NOTE: 20230809: Added by Front-Desk (Beuc) NOTE: 20230809: Experimental issue-based workflow: please self-assign and follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/28 -- -intel-microcode (tobi) - NOTE: 20240502: Added by Front-Desk (Beuc) - NOTE: 20240502: Update being tested in unstable, - NOTE: 20240502: (CVE-2023-22655 CVE-2023-28746 CVE-2023-38575 CVE-2023-39368 CVE-2023-43490) - NOTE: 20240502: Follow PU: #1068082 and #1068084 (Beuc/front-desk) --- jenkins-htmlunit-core-js NOTE: 20231231: Added by Front-Desk (lamby) NOTE: 20231231: Needs checking that this is definitely vulnerable: a quick glance View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23947176c7ede9a9b9260cbea8ad041a135fe44 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23947176c7ede9a9b9260cbea8ad041a135fe44 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits