[Git][security-tracker-team/security-tracker][master] Mark CVE-2020-054{8,9} as no-dsa for buster and stretch

Salvatore Bonaccorso carnil at debian.org
Wed Feb 5 20:04:40 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6499725e by Salvatore Bonaccorso at 2020-02-05T21:02:23+01:00
Mark CVE-2020-054{8,9} as no-dsa for buster and stretch

If all migitgations for TAA and MDS are applied the impact is low for
these issues. Furthremore there will be not Linux fixes. Intel will
likely release updates for intel-microcode additionally covering
CVE-2020-0548 and CVE-2020-0549 in one of the next IPUs (possibly in
march).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21520,11 +21520,15 @@ CVE-2020-0550
 	RESERVED
 CVE-2020-0549 (Cleanup errors in some data cache evictions for some Intel(R) Processo ...)
 	- intel-microcode <unfixed>
+	[buster] - intel-microcode <no-dsa> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
+	[stretch] - intel-microcode <no-dsa> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
 	NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
 	NOTE: https://cacheoutattack.com/
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
 CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authenticated  ...)
 	- intel-microcode <unfixed>
+	[buster] - intel-microcode <no-dsa> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
+	[stretch] - intel-microcode <no-dsa> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
 	NOTE: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
 CVE-2020-0547



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6499725e35d82771150c4d5b5ff7d94e830eca50

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6499725e35d82771150c4d5b5ff7d94e830eca50
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200205/90c40efa/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list