[kernel-sec-discuss] [Git][kernel-team/kernel-sec][master] Update pending information for Sprectre v2 mitigations

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian kernel team / kernel-sec


Commits:
11644dc8 by Salvatore Bonaccorso at 2018-01-18T06:52:15+01:00
Update pending information for Sprectre v2 mitigations

We mark the versions introducing the initial support for retpoline to
mitigate Spectre variant 2 as the 'fixing' one. Still more work needs to
be done but track with those the initial retpoline support.

- - - - -


1 changed file:

- active/CVE-2017-5715


Changes:

=====================================
active/CVE-2017-5715
=====================================
--- a/active/CVE-2017-5715
+++ b/active/CVE-2017-5715
@@ -8,9 +8,15 @@ Notes:
  carnil> Initial support for mitigation work for Spectre variant 2
  carnil> (indirect branch speculation) vulnerability included in
  carnil> 4.15-rc8, 4.14.14-rc1, 4.9.77-rc1.
+ carnil> Mark the entries which included initial retpoline support
+ carnil> to mitigate Spectre v2 as the 'fixed' ones. Still work on
+ carnil> microcode and/or gcc is needed to be effective.
+ carnil> Unclear if we should as well mark it as pending for the
+ carnil> Debian branches, so not yet added a marking for the sid
+ carnil> branch accordingly.
 Bugs:
-upstream: needed
-4.9-upstream-stable: needed
+upstream: released (4.15-rc8)
+4.9-upstream-stable: released (4.9.77)
 3.16-upstream-stable: needed
 3.2-upstream-stable: needed
 sid: needed



View it on GitLab: https://salsa.debian.org/kernel-team/kernel-sec/commit/11644dc815738f472b876054ee96d5a45cca6016

---
View it on GitLab: https://salsa.debian.org/kernel-team/kernel-sec/commit/11644dc815738f472b876054ee96d5a45cca6016
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/kernel-sec-discuss/attachments/20180118/89ea6cdc/attachment.html>