On 3/25/22 03:24, Leandro Cunha wrote: > Hi, > > On Wed, Mar 23, 2022 at 6:18 PM Georgi Naplatanov <go...@oles.biz> wrote: >> >> On 3/23/22 22:43, Leandro Cunha wrote: >>> Hi, >>> >>> On Wed, Mar 23, 2022 at 2:33 PM Georgi Naplatanov <go...@oles.biz> wrote: >>>> >>>> On 3/23/22 18:35, piorunz wrote: >>>>> On 23/03/2022 15:41, Leandro Cunha wrote: >>>>> >>>>>> Please, take into consideration what is in the link and you can >>>>>> consult through >>>>>> it about CVE: https://security-tracker.debian.org/tracker/CVE-2017-5715 >>>>> >>>>> Leandro, >>>>> I've been on this website before I posted with spectre-meltdown-checker >>>>> results. I have vulnerable status just like author of this topic. I am >>>>> on intel-microcode 3.20210608.2, and by the look of it, this bug >>>>> supposed to be fixed in: >>>>> >>>>> "intel-microcode: Some microcode updates to partially adress >>>>> CVE-2017-5715 included in 3.20171215.1 >>>>> Further updates in 3.20180312.1" >>>>> >>>>> So my version of microcode is 3-4 years newer than that. >>>>> >>>>> Is it microcode problem, or spectre-meltdown-checker displaying wrong >>>>> information, or something else entirely? >>>>> >>>> >>>> I want to mention that on the same computer with kernel Debian 5.10.92-2 >>>> >>>> spectre-meltdown-checker >>>> >>>> reports that the system is not vulnerable to CVE-2017-5715 >>>> >>>> Kind regards >>>> Georgi >>>> >>> >>> This script is reporting an already patched CVE as vulnerable. >> >> >> Are you sure this behavior on 5.10.103-1 is not some kind of regression? >> What is the evidence that vulnerability is still fixed? >> >> >> Kind regards >> Georgi >> > > When replying to your email I was aware of the script issue that was reporting > several already resolved CVEs as unresolved. As Salvatore sent the issue link. > But it seems to me that this problem was solved 7 days ago, it would be > interesting if there was an update or a backport to stable. >
Hi Leandro, I also think that an update would be nice. Kind regards Georgi