On Thu, 2018-01-11 at 12:23 +0100, Julien Aubin wrote: > Le 11 janv. 2018 12:19, "Luca Boccassi" <bl...@debian.org> a écrit : > > On Wed, 2018-01-10 at 23:58 +0100, Andreas Beckmann wrote: > > On 2018-01-10 15:25, Luca Boccassi wrote: > > > I'm a little confused as what their blobs could possible have to > > > do > > > with spectre/meltdown to be honest > > > > meltdown does not seem to be an issue, but for spectre it is not > > neccessarily the GPU bits being fixed, but the CPU side of the > > driver > > - > > which can run untrusted user supplied code (e.g. compiling shaders) > > ... > > that could be comparable to the sandboxed javascript in the browser > > accessing all the browser memory. > > Ah I see, makes sense. > > > > - but in general it sounds like a > > > good idea to move 384 to stable-p-u, since it's won't be the last > > > CVE > > > we get and as you said 375 is dead and buried. > > > > > > Andreas, what do you think? > > > > Just uploaded to stretch-backports, will need to go through > > backports-new. > > Untested on my side - please try it out :-) > > > > > > Andreas > > Thanks, will try it out later tonight and report back - I already had > manually built a locally merged version and it seemed to work fine so > I > don't expect issues. > > -- > Kind regards, > Luca Boccassi > > > Hi > > If there is something like bpo-new for the bpo repo (as well as > stable-proposed-updates exists) I would be happy to test as well. > > I prefer avoiding to build the packages myself in order to avoid > building > some kind of tainted package
It was accepted into bpo, so you'll be able to install it from stretch- backports sometimes later today -- Kind regards, Luca Boccassi
signature.asc
Description: This is a digitally signed message part
