[Git][security-tracker-team/security-tracker][master] Add note on second batch of microcode fixes

Moritz Muehlenhoff jmm at debian.org
Wed Aug 29 12:51:27 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37a28412 by Moritz Muehlenhoff at 2018-08-29T11:50:52Z
Add note on second batch of microcode fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33203,8 +33203,8 @@ CVE-2018-3646 (Systems with microprocessors utilizing speculative execution and
 	NOTE: https://git.kernel.org/linus/958f338e96f874a0d29442396d6adf9c1e17aa2d
 	NOTE: https://xenbits.xen.org/xsa/advisory-273.html
 	NOTE: Updates were already shipped with 20180703 release, but only disclosed later, see #906158
-	NOTE: The fixed version for intel-microcode designates the first batch of updates which targeted most server CPUs,
-	NOTE: later followup releases (for some desktop class CPUs) will be commented separately
+	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
+	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
 CVE-2018-3645 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
 	NOT-FOR-US: Intel
 CVE-2018-3644
@@ -33221,8 +33221,8 @@ CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and
 	NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
 	NOTE: No software mitigations planned to be implemented in src:linux
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
-	NOTE: The fixed version designates the first batch of updates which targeted most server CPUs,
-	NOTE: later followup releases (for some desktop class CPUs) will be commented separately
+	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
+	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
 CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and ...)
 	{DSA-4273-1 DSA-4210-1 DLA-1446-1 DLA-1423-1}
 	- intel-microcode 3.20180703.1
@@ -33233,8 +33233,8 @@ CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and
 	NOTE: https://xenbits.xen.org/xsa/advisory-263.html
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
-	NOTE: The fixed version for intel-microcode designates the first batch of updates which targeted most server CPUs,
-	NOTE: later followup releases (for some desktop class CPUs) will be commented separately
+	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
+	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
 CVE-2018-3638 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
 	NOT-FOR-US: Intel
 CVE-2018-3637
@@ -33281,8 +33281,8 @@ CVE-2018-3620 (Systems with microprocessors utilizing speculative execution and
 	NOTE: https://foreshadowattack.eu/
 	NOTE: https://git.kernel.org/linus/958f338e96f874a0d29442396d6adf9c1e17aa2d
 	NOTE: https://xenbits.xen.org/xsa/advisory-273.html
-	NOTE: The fixed version for intel-microcode designates the first batch of updates which targeted most server CPUs,
-	NOTE: later followup releases (for some desktop class CPUs) will be commented separately
+	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
+	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
 CVE-2018-3619 (Information disclosure vulnerability in storage media in systems with ...)
 	NOT-FOR-US: Intel
 CVE-2018-3618
@@ -33295,8 +33295,8 @@ CVE-2018-3615 (Systems with microprocessors utilizing speculative execution and
 	- intel-microcode 3.20180703.1
 	NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
 	NOTE: https://foreshadowattack.eu/
-	NOTE: The fixed version designates the first batch of updates which targeted most server CPUs,
-	NOTE: later followup releases (for some desktop class CPUs) will be commented separately
+	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
+	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
 CVE-2018-3614
 	RESERVED
 CVE-2018-3613



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/37a28412ff452f5f4c40f01d7f5726b5b41d9ffd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/37a28412ff452f5f4c40f01d7f5726b5b41d9ffd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180829/484f3977/attachment.html>

More information about the debian-security-tracker-commits mailing list