Bug#954023: stretch-pu: package amd64-microcode/3.20181128.1~deb9u1

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

Hi Henrique,

On Sun, 2020-03-15 at 21:37 +0100, Anton Gladky wrote:
> I have prepared an update for amd64-microcode for Debian Stretch,
> which fixes CVE-2017-5715. Please see an attached debdiff.
> 
> This is the newer upstream version, which fixes CVE-2017-5715.
> Security team marked this CVE for Stretch as <no-dsa> [1].

Do you have any input / thoughts on this proposed update?

This would pull stretch's amd64-microcode to the version that's
currently in stretch-backports and buster. That's an update for stretch
from 2016 -> 2018, but still behind unstable and testing, which have a
2019 package.

The complete set of package versions is currently:

amd64-microcode | 2.20160316.1~deb8u1 | oldoldstable/non-free      | source, amd64, i386
amd64-microcode | 3.20160316.3        | oldstable/non-free         | source, amd64, i386
amd64-microcode | 3.20181128.1~bpo9+1 | stretch-backports/non-free | source, amd64, i386
amd64-microcode | 3.20181128.1~deb8u1 | oldoldstable/updates/non-free | source, amd64, i386
amd64-microcode | 3.20181128.1        | stable/non-free            | source, amd64, i386
amd64-microcode | 3.20191218.1        | testing/non-free           | source, amd64, i386
amd64-microcode | 3.20191218.1        | unstable/non-free          | source, amd64, i386

Regards,

Adam