Le 11 janv. 2018 12:19, "Luca Boccassi" <bl...@debian.org> a écrit :
On Wed, 2018-01-10 at 23:58 +0100, Andreas Beckmann wrote: > On 2018-01-10 15:25, Luca Boccassi wrote: > > I'm a little confused as what their blobs could possible have to do > > with spectre/meltdown to be honest > > meltdown does not seem to be an issue, but for spectre it is not > neccessarily the GPU bits being fixed, but the CPU side of the driver > - > which can run untrusted user supplied code (e.g. compiling shaders) > ... > that could be comparable to the sandboxed javascript in the browser > accessing all the browser memory. Ah I see, makes sense. > > - but in general it sounds like a > > good idea to move 384 to stable-p-u, since it's won't be the last > > CVE > > we get and as you said 375 is dead and buried. > > > > Andreas, what do you think? > > Just uploaded to stretch-backports, will need to go through > backports-new. > Untested on my side - please try it out :-) > > > Andreas Thanks, will try it out later tonight and report back - I already had manually built a locally merged version and it seemed to work fine so I don't expect issues. -- Kind regards, Luca Boccassi Hi If there is something like bpo-new for the bpo repo (as well as stable-proposed-updates exists) I would be happy to test as well. I prefer avoiding to build the packages myself in order to avoid building some kind of tainted package
