Re: Question on CVE-2017-5754 on Debian 8.9

To: debian-user@lists.debian.org
Subject: Re: Question on CVE-2017-5754 on Debian 8.9
From: Vincent Lefevre <vincent@vinc17.net>
Date: Wed, 24 Jan 2018 15:11:19 +0100
Message-id: <[🔎] 20180124141119.GA13787@cventin.lip.ens-lyon.fr>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 3e5cng63hf4jv8@mids.svenhartge.de>
References: <[🔎] CANc=Sd2xgWZH7N=RPML7C5=M74EDAN99RAd2hi9cbLt7d+rjdg@mail.gmail.com> <[🔎] CANc=Sd3bZcYidE4tG7BEiqX7sz8yFn51xFm=ZzwEerbjdZQXnQ@mail.gmail.com> <[🔎] 4d314cdf-02aa-30f1-5f4f-455137825dde@walnut.gen.nz> <[🔎] CANc=Sd3KAB8CPrgXqOgRSrdkdQD7pwnBGW3tC4adVsUp9pEQAQ@mail.gmail.com> <[🔎] CANc=Sd14kOzp7LaO2rbBC5x9Xg7bp86VEvyzxVm7dZ7AD+57_A@mail.gmail.com> <[🔎] CANc=Sd16WCBDoEA0-FnR+N1nbfawanG5Oj5uBAgVvRozn1w1Gg@mail.gmail.com> <[🔎] CANc=Sd2mVyZ2niHUVmGouDyo=CofLBS6T+TZtbA6eNTXTSg97A@mail.gmail.com> <[🔎] 2e5ckno3hf4jv8@mids.svenhartge.de> <[🔎] CANc=Sd379=Vr+YJ7r87wNCp8Owz+DNjRqTGisWa5B4nZSuK+aw@mail.gmail.com> <[🔎] 3e5cng63hf4jv8@mids.svenhartge.de>

On 2018-01-24 14:44:18 +0100, Sven Hartge wrote:
> Michael Fothergill <michael.fothergill@gmail.com> wrote:
> > On 24 January 2018 at 12:58, Sven Hartge <sven@svenhartge.de> wrote:
> 
> >> Michael Fothergill <michael.fothergill@gmail.com> wrote:
> 
> >> > The link within the above one:
> >>> https://gcc.gnu.org/ml/gcc/2018-01/msg00148.html
> >>> also has a link to the ftp download for the release candidate version of
> >>> gcc 7.3 ie 7.3.0rc1 which does actually work for spectre and retpoline.
> 
> >> Debian Sid got gcc-7.3.0rc2 last night, the package is still named gcc-7
> >> (7.2.0-20) though.
> 
> > Does that mean that if you upgrade to sid and installed gcc 7.2.0 you
> > would actually get 7.3.0rc2 in practice?
> 
> Unless I interpret the changelog wrong: yes.

But the changelogs don't mention anything about Spectre and retpoline.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>

References:
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Richard Hector <richard@walnut.gen.nz>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Sven Hartge <sven@svenhartge.de>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Michael Fothergill <michael.fothergill@gmail.com>
- Re: Question on CVE-2017-5754 on Debian 8.9
  - From: Sven Hartge <sven@svenhartge.de>

Prev by Date: Re: Question on CVE-2017-5754 on Debian 8.9
Next by Date: Re: Question on CVE-2017-5754 on Debian 8.9
Previous by thread: Re: Question on CVE-2017-5754 on Debian 8.9
Next by thread: Re: Question on CVE-2017-5754 on Debian 8.9
Index(es):
- Date
- Thread