Package: intel-microcode Version: 3.20171117.1~bpo9+1 Severity: critical Tags: security Justification: root security hole
Hi, As of now intel-microcode of stretch is still set to 20170707 (20171117 through bpo) which lets users vulnerable to Spectre attack CVE-2017-5715. Could you please bring quickly the microcode update to stretch, at least on bpo ? Thanks a lot -- System Information: Debian Release: 9.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-5-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages intel-microcode depends on: ii iucode-tool 2.1.1-1 Versions of packages intel-microcode recommends: ii initramfs-tools 0.130 intel-microcode suggests no packages. -- no debconf information