[Secure-testing-team] Bug#887856: intel-microcode: Spectre / Meltdown : bring intel-microcode 20180104 to stretch
Henrique de Moraes Holschuh
hmh at debian.org
Sun Jan 21 09:47:35 UTC 2018
severity 887856 grave
block 887856 by 886998
thanks
On Sat, 20 Jan 2018, Julien Aubin wrote:
> As of now intel-microcode of stretch is still set to 20170707 (20171117
> through
> bpo) which lets users vulnerable to Spectre attack CVE-2017-5715. Could you
> please bring quickly the microcode update to stretch, at least on bpo ?
Please refer to bug #886998
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886998
We will wait for a new, official Intel microcode release before we
consider updating the intel-microcode package in stable and backports.
Users that want the known-faulty microcode release 20180108 regardless
of the *high* risk of data loss and crashes, may make an informed
decision to fetch the packages from Debian testing or Debian unstable,
and install them manually. The same binary packages are compatible with
Debian 8, Debian 9, testing and unstable: all that changes on the
backport releases is the package version, and debian/changelog.
--
Henrique Holschuh
More information about the Secure-testing-team
mailing list