Hi Adam,

> Anton, do you have any idea how widespread use of the existing
> stretch-backports package has been?

No, I do not have this information. If you are not sure - feel free to reject this request.

Best regards

Anton

On Thu, 2 July 2020 at 22:14, Adam D. Barratt <a...@adam-barratt.org.uk> wrote:

> Apologies for letting this sit for a while.
>
> On Mon, 2020-03-23 at 18:08 -0300, Henrique de Moraes Holschuh wrote:
> > On Sat, 21 Mar 2020, Adam D. Barratt wrote:
> > > On Sun, 2020-03-15 at 21:37 +0100, Anton Gladky wrote:
> > > > I have prepared an update for amd64-microcode for Debian Stretch,
> > > > which fixes CVE-2017-5715. Please see an attached debdiff.
> > > >
> > > > This is the newer upstream version, which fixes CVE-2017-5715.
> > > > Security team marked this CVE for Stretch as <no-dsa> [1].
> > >
> > > Do you have any input / thoughts on this proposed update?
> >
> > The microcode might be safe enough, we don't have regressions
> > reported against the latest one (which is just a revert by AMD of an
> > update that did cause regressions when not applied through UEFI).
> >
> > But that's with recent kernels.
> >
> > I have no idea about the kernel codepaths it might activate, though,
> > if new MSRs are exposed.
>
> I'm torn as to what to do with this request, given that we're about to
> hit the EOL point release for stretch.
>
> Anton, do you have any idea how widespread use of the existing
> stretch-backports package has been?
>
> Regards,
>
> Adam