Bug#1008181: marked as done (spectre-meltdown-checker: False positive for CVE-2017-5715 due to failing to detect retpolines)

[Debian Bug Tracking System]

Your message dated Mon, 28 Mar 2022 20:38:46 +0000
with message-id <e1nyw8u-000inl...@fasolo.debian.org>
and subject line Bug#1008181: fixed in spectre-meltdown-checker 0.45-1
has caused the Debian Bug report #1008181,
regarding spectre-meltdown-checker: False positive for CVE-2017-5715 due to 
failing to detect retpolines
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1008181: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008181
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: spectre-meltdown-checker
Version: 0.44-3
Severity: normal
Tags: upstream fixed-upstream
Forwarded: https://github.com/speed47/spectre-meltdown-checker/issues/420
X-Debbugs-Cc: car...@debian.org

Hi Holger,

spectre-meltdown-checker has false positive for CVE-2017-5715 due to
the changes in Linux upstream applied for the Spectre-BHB variant, and
switching to generic retpolines.

Cf. https://www.vusec.net/projects/bhi-spectre-bhb/ and DSA-5095-1 and
DSA-5096-1.

Upstream has adjusted the test following from
https://github.com/speed47/spectre-meltdown-checker/issues/420 .

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: spectre-meltdown-checker
Source-Version: 0.45-1
Done: Sylvestre Ledru <sylves...@debian.org>

We believe that the bug you reported is fixed in the latest version of
spectre-meltdown-checker, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1008...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sylvestre Ledru <sylves...@debian.org> (supplier of updated 
spectre-meltdown-checker package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 28 Mar 2022 21:55:47 +0200
Source: spectre-meltdown-checker
Architecture: source
Version: 0.45-1
Distribution: unstable
Urgency: medium
Maintainer: Sylvestre Ledru <sylves...@debian.org>
Changed-By: Sylvestre Ledru <sylves...@debian.org>
Closes: 1008181
Changes:
 spectre-meltdown-checker (0.45-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #1008181)
Checksums-Sha1:
 4b0e48588d85954941c8576a00e5093eab79fe81 2066 
spectre-meltdown-checker_0.45-1.dsc
 4b2cbe3fb7547341abe089e643ffbc9c7fd200bc 64268 
spectre-meltdown-checker_0.45.orig.tar.gz
 5f9f976c6a2bbc883e76a3a64e5252433fbc6a67 2640 
spectre-meltdown-checker_0.45-1.debian.tar.xz
 c217a86859440a7f6eff29da1dd76737d357bf33 6187 
spectre-meltdown-checker_0.45-1_amd64.buildinfo
Checksums-Sha256:
 fa2ab55cd4e4c4cc758787809e0d75001d1869cdf0f34496277a11ddaa51ae67 2066 
spectre-meltdown-checker_0.45-1.dsc
 32db6b73b9a3b08c165cac39446c856a07ac3d17c6b556ce08a9e99dd5600ea7 64268 
spectre-meltdown-checker_0.45.orig.tar.gz
 80520f7557d1f4630af38a9ee563e99912fec67f27b6f0b9460d48cb3de9b936 2640 
spectre-meltdown-checker_0.45-1.debian.tar.xz
 d24a100837ce42c71e53590fc9c3ea2c99044f76790fc3ed7a7d14b4ac1a8e75 6187 
spectre-meltdown-checker_0.45-1_amd64.buildinfo
Files:
 b3cb4a91a315c5c59ab909d8c443851b 2066 kernel optional 
spectre-meltdown-checker_0.45-1.dsc
 cc0d32e1652dab52536220cb28562292 64268 kernel optional 
spectre-meltdown-checker_0.45.orig.tar.gz
 a4cdd161ad4efc8353634d3349ff1f64 2640 kernel optional 
spectre-meltdown-checker_0.45-1.debian.tar.xz
 18bdee1d498f1c560dae6028dd9c1537 6187 kernel optional 
spectre-meltdown-checker_0.45-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtg21mU05vsTRqVzPfmUo2nUvG+EFAmJCE/YACgkQfmUo2nUv
G+G84A//dex5FjIwbgjv/70l++c+FxdqtdiNDPVbXYEc+UWTr2cRKLMA0xrR9PSh
NFuoEHIQ4VCqzpkj/ouCo5S0gzLe3H653aCCK+WbbUGYuGFgJeEtQO3eyUGbiVX4
4Ivqz0z6mm/Dc1+nUvAeI3Gt8Y1BC0a54GqZgM0FkXRB/bBk08wpzuKkOFuhRiGq
rhO5/A+5DfjRRNNPY/+XMcPKjrmSDNpnmlx9lkgQcTPSx/LX+X7l7MayvNapycSH
Ay73PRLtKIdSj8UzGzty5OfWWRnah7O0nQYyUg3MqUVtSMYHb+Pdzz7K44QLKbjf
OBMSVAK9bTatnkCYctN2Uf+2OV9OAul7mmXKCrMVXn/G4vCiWbq03Xb1FYSCKUVS
BpDYoZdqQPRG07ptUye3WH2IpnkTdUkwzhXovO7Wx/LC0OaepoCvaWqs80PV/4pl
6Xg0iW8Dw2nrTHGaZXWomc/W1mIMORxyQ/5bbs71uKpNwy+2OsmHtTd3SBYEceS9
c/6IGuBW7zWbRk5WcRKe/wW8b5nT3n5jFqIA39DZLBRZBFM1tszODxlkznzz3ZpE
ny7oYxZMRxHzmQ5BzVbwOBgMdsay2oLIExBwxPlGkx0heSYOYX8/+cDvfCHxHRGP
xFBspekgCJJ/792n6MkM3bqKzsQ1fkpX4iyr1k2DPWBLAOokKBI=
=ZUph
-----END PGP SIGNATURE-----

--- End Message ---