[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-054{8,9} as no-dsa for buster and stretch
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 5 20:04:40 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6499725e by Salvatore Bonaccorso at 2020-02-05T21:02:23+01:00
Mark CVE-2020-054{8,9} as no-dsa for buster and stretch
If all migitgations for TAA and MDS are applied the impact is low for
these issues. Furthremore there will be not Linux fixes. Intel will
likely release updates for intel-microcode additionally covering
CVE-2020-0548 and CVE-2020-0549 in one of the next IPUs (possibly in
march).
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21520,11 +21520,15 @@ CVE-2020-0550
RESERVED
CVE-2020-0549 (Cleanup errors in some data cache evictions for some Intel(R) Processo ...)
- intel-microcode <unfixed>
+ [buster] - intel-microcode <no-dsa> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
+ [stretch] - intel-microcode <no-dsa> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
NOTE: https://cacheoutattack.com/
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authenticated ...)
- intel-microcode <unfixed>
+ [buster] - intel-microcode <no-dsa> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
+ [stretch] - intel-microcode <no-dsa> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
NOTE: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
CVE-2020-0547
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6499725e35d82771150c4d5b5ff7d94e830eca50
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6499725e35d82771150c4d5b5ff7d94e830eca50
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200205/90c40efa/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list