Your message dated Wed, 26 Jul 2023 07:32:08 +0000 with message-id <e1qoz0c-002rto...@fasolo.debian.org> and subject line Bug#1041863: fixed in amd64-microcode 3.20230719.1~deb12u1 has caused the Debian Bug report #1041863, regarding amd64-microcode: CVE-2023-20593: use-after-free in AMD Zen2 processors to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1041863: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041863 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: amd64-microcode Version: 3.20230414.1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 3.20191218.1 Hi, The following vulnerability was published for amd64-microcode. CVE-2023-20593[0]: | use-after-free in AMD Zen2 processors Merge request at [2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-20593 https://www.cve.org/CVERecord?id=CVE-2023-20593 [1] https://lock.cmpxchg8b.com/zenbleed.html [2] https://salsa.debian.org/hmh/amd64-microcode/-/merge_requests/5 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: amd64-microcode Source-Version: 3.20230719.1~deb12u1 Done: Henrique de Moraes Holschuh <h...@debian.org> We believe that the bug you reported is fixed in the latest version of amd64-microcode, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1041...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Henrique de Moraes Holschuh <h...@debian.org> (supplier of updated amd64-microcode package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 24 Jul 2023 13:55:18 -0300 Source: amd64-microcode Architecture: source Version: 3.20230719.1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Henrique de Moraes Holschuh <h...@debian.org> Changed-By: Henrique de Moraes Holschuh <h...@debian.org> Closes: 1041863 Changes: amd64-microcode (3.20230719.1~deb12u1) bookworm-security; urgency=high . * Rebuild for bookworm-security (no changes) . amd64-microcode (3.20230719.1) unstable; urgency=high . * Update package data from linux-firmware 20230625-39-g59fbffa9: * Fixes for CVE-2023-20593 "Zenbleed" on AMD Zen2 processors (closes: #1041863) * New Microcode patches: + Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a00008 * Updated Microcode patches: + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107a + Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079 + Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1 + Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234 * README: update for new release Checksums-Sha1: 659827cb6402db2171073c12a758a7ead166661b 1727 amd64-microcode_3.20230719.1~deb12u1.dsc 503a1ba278671ace99973c8c9e401ced94edf09c 120696 amd64-microcode_3.20230719.1~deb12u1.tar.xz 5c800697c493b029ea2bc2dd30426a9dde2b17a7 6020 amd64-microcode_3.20230719.1~deb12u1_amd64.buildinfo Checksums-Sha256: cbfa3fe7bc1842f51a5828395566320056554953233c0a7ed02106106f11f651 1727 amd64-microcode_3.20230719.1~deb12u1.dsc d01bdba711b6eb9802b9e0475ad2d79cd0e3bf29269869938c1f8285426258a6 120696 amd64-microcode_3.20230719.1~deb12u1.tar.xz 42ddb21f01ba085dbbcf33645afae9ca1051e3819b7b1683553be4a95acbeecd 6020 amd64-microcode_3.20230719.1~deb12u1_amd64.buildinfo Files: e75d37b796c5c1cd4441154bb33afac8 1727 non-free-firmware/admin standard amd64-microcode_3.20230719.1~deb12u1.dsc 021327fd855dcf530b6cc8e8d6cd2e31 120696 non-free-firmware/admin standard amd64-microcode_3.20230719.1~deb12u1.tar.xz dcda17ac39a2e0f539168944be9e2b5c 6020 non-free-firmware/admin standard amd64-microcode_3.20230719.1~deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEIXEYtQeAQUHyKjs9TkVcVzAplOQFAmS+zQwACgkQTkVcVzAp lOTcbA/+Mgu7THGitjENskJPp/zqGlxgrgFWMBAZaF9NBChlTZ7TKDZ2NVFJm2Ds x/ZIL2PlSkFidO7L7unccloQ4ZHXkMwH2oWM1gWzjRY40SK05s4chDFzTd8G/QYS NVJ2045dl3s6XI/VLd/FPkWnb2k1/Z2I+4+7T221XjfDZrZ2uvF0sIeDAkw1siXQ PG7kFJGWH8SKxbiBxUSXpahluo6SgH1mNXvoCeAPoxD40oDxLLatB81P+4OfH6wU 6vAOZLpKMFBowRHcig/oEApypNQyHFlUqRgh8D7XPYcQSSeYRCVn6G0FLJBWTICy aiPCXe9/eVA1rOb5hh0LRMMcEicvLFvm42Qf+yn2IfFEIU00vEIk03va5SipeTaD 3Oid/rmykn0jtcVADOca0SOTd2Yz0kmbQGz2O1QXnSzaU4Zw8eQ0dAcQal8POu5k 5oXqKa1Ik54vfouVygyMw0MGS6yqH3mwXYKQlLfCkdUEoCe8HE0XPbpcZR14LHMe W4fxqvjXw99h82BYmOyufwfqjfN5Gv4a0uQXsadRjy5ZcoFx08L8GMeVk5lpfGcN 96Faa1Ll5lDe40puMkrKh+IqoGBNaF1Vd/PkNb9I+xG+06Ptr3zkBFC2NjDtMbgt LRDQ0nrTsFQi+lJdoiN8TScZQJdDShC6HUQCCy0AZustbjcrkGs= =W3XN -----END PGP SIGNATURE-----
--- End Message ---
