[Git][security-tracker-team/security-tracker][master] Reserve DLA-3808-1 for intel-microcode

Tobias Frost (@tobi) tobi at debian.org
Sat May 4 16:16:19 BST 2024 


Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2394717 by Tobias Frost at 2024-05-04T17:15:59+02:00
Reserve DLA-3808-1 for intel-microcode

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -17884,35 +17884,30 @@ CVE-2023-43490 (Incorrect calculation in microcode keying mechanism for some Int
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
-	[buster] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-39368 (Protection mechanism failure of bus lock regulator for some Intel(R) P ...)
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
-	[buster] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-38575 (Non-transparent sharing of return predictor targets between contexts i ...)
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
-	[buster] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-22655 (Protection mechanism failure in some 3rd and 4th Generation Intel(R) X ...)
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
-	[buster] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312
 CVE-2023-28746 (Information exposure through microarchitectural state after transient  ...)
 	- intel-microcode 3.20240312.1 (bug #1066108)
 	[bookworm] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	[bullseye] - intel-microcode <postponed> (Decide after exposure on unstable for update)
-	[buster] - intel-microcode <postponed> (Decide after exposure on unstable for update)
 	- linux 6.7.9-2
 	[bookworm] - linux 6.1.82-1
 	- xen <unfixed>


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[04 May 2024] DLA-3808-1 intel-microcode - security update
+	{CVE-2023-22655 CVE-2023-28746 CVE-2023-38575 CVE-2023-39368 CVE-2023-43490}
+	[buster] - intel-microcode 3.20240312.1~deb10u1
 [04 May 2024] DLA-3807-1 glibc - security update
 	{CVE-2024-2961}
 	[buster] - glibc 2.28-10+deb10u3


=====================================
data/dla-needed.txt
=====================================
@@ -105,12 +105,6 @@ i2p
   NOTE: 20230809: Added by Front-Desk (Beuc)
   NOTE: 20230809: Experimental issue-based workflow: please self-assign and follow https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/28
 --
-intel-microcode (tobi)
-  NOTE: 20240502: Added by Front-Desk (Beuc)
-  NOTE: 20240502: Update being tested in unstable,
-  NOTE: 20240502: (CVE-2023-22655 CVE-2023-28746 CVE-2023-38575 CVE-2023-39368 CVE-2023-43490)
-  NOTE: 20240502: Follow PU: #1068082 and #1068084 (Beuc/front-desk)
---
 jenkins-htmlunit-core-js
   NOTE: 20231231: Added by Front-Desk (lamby)
   NOTE: 20231231: Needs checking that this is definitely vulnerable: a quick glance



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23947176c7ede9a9b9260cbea8ad041a135fe44

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b23947176c7ede9a9b9260cbea8ad041a135fe44
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240504/23364836/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list