severity 887856 grave block 887856 by 886998 thanks On Sat, 20 Jan 2018, Julien Aubin wrote: > As of now intel-microcode of stretch is still set to 20170707 (20171117 > through > bpo) which lets users vulnerable to Spectre attack CVE-2017-5715. Could you > please bring quickly the microcode update to stretch, at least on bpo ?
Please refer to bug #886998 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886998 We will wait for a new, official Intel microcode release before we consider updating the intel-microcode package in stable and backports. Users that want the known-faulty microcode release 20180108 regardless of the *high* risk of data loss and crashes, may make an informed decision to fetch the packages from Debian testing or Debian unstable, and install them manually. The same binary packages are compatible with Debian 8, Debian 9, testing and unstable: all that changes on the backport releases is the package version, and debian/changelog. -- Henrique Holschuh