[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1033079: bullseye-pu: package intel-microcode/3.20230214.1~deb11u1

Am 17. März 2023 19:18:50 UTC schrieb Salvatore Bonaccorso <carnil@debian.org>:
>
>On Thu, Mar 16, 2023 at 04:06:29PM +0100, Tobias Frost wrote:
>> Package: release.debian.org
>> Severity: normal
>> Tags: bullseye
>> User: release.debian.org@packages.debian.org
>> Usertags: pu
>> X-Debbugs-Cc: intel-microcode@packages.debian.org, Salvatore Bonaccorso <carnil@debian.org>
>> Control: affects -1 + src:intel-microcode
>> 
>> (Please refer to #1032847#12 for security team's feedback
>> that this should go through SPU.)
>> 
>> The upload updates intel microcodes to target (See #1031334)
>>        - INTEL-SA-00700: CVE-2022-21216
>>        - INTEL-SA-00730: CVE-2022-33972
>>        - INTEL-SA-00738: CVE-2022-33196
>>        - INTEL-SA-00767: CVE-2022-38090
>> 
>> the CVEs are information disclosure via local access vulnerbilities and
>> potential privilege escalations.
>
>Note that speaking of fixed CVEs, for bullseye and older with the
>upload CVE-2022-21233 get fixed as well (this one was as well not
>warranting a DSA, it is as well SGX releated).

yes, this CVE is fixed in  3.20220809.1, which is part of this update. 
to make sure i don't miss it: i thought i do not need to repeat the cve in d/changelog if it is mentioned in earlier d/changelog entries, right?

>Regards,
>Salvatore
Reply to: