Source: firmware-nonfree Severity: important Dear maintainer,
first of all thanks for maintaining and packaging the linux-firmware files repository as debian packages. We currently need to manually obtain the linux-firmware.git:amd/amd_sev_fam17h_model3xh.sbin [1] file on our AMD EPYC servers. The firmware files containing the AMD SEV firmware closing security vulnerabilities [2] and fixes bugs and adds improvements to the AMD SEV implementation. I'm most likely unqualified for legal questions but the LICENSE.amd-sev [3] reads quite similar to the already added amdgpu license [4]. So I hope this is not the reason, why those files were not added in the past. The severity was choosen because it fixes a security vulnerability, please change accordingly if you think it is wrong. Thanks in advance. Best regards, michael [1] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9836 [3] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/LICENSE.amd-sev [4] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/LICENSE.amdgpu