On Wed, 14 Mar 2018, Moritz Muehlenhoff wrote: > On Sun, Jan 21, 2018 at 07:47:35AM -0200, Henrique de Moraes Holschuh wrote: > > severity 887856 grave > > block 887856 by 886998 > > thanks > > > > On Sat, 20 Jan 2018, Julien Aubin wrote: > > > As of now intel-microcode of stretch is still set to 20170707 (20171117 > > > through > > > bpo) which lets users vulnerable to Spectre attack CVE-2017-5715. Could > > > you > > > please bring quickly the microcode update to stretch, at least on bpo ? > > > > Please refer to bug #886998 > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886998 > > > > We will wait for a new, official Intel microcode release before we > > consider updating the intel-microcode package in stable and backports. > > https://downloadcenter.intel.com/download/27591/Linux-Processor-Microcode-Data-File > > These should be good now?
Yes, uploaded to unstable a few hours ago (might be waiting on dinstall, though). > Let's keep this cooking in unstable for a while before considering an upgrade > in stable, though. Sure, uploaded with medium priority to get 10 days worth of unstable, then let's get it to wait around on testing for at least 1 month *after* the next kernel update in testing (which should re-enable IBRS+IBPB on Skylake). Unless we get lots of indirect coverage from other distros that would allow us to speed this up, I'd say we'll wait about 2 months before proposing it for -stable. I will upload the usual backports after it propagates to testing, though. -- Henrique Holschuh
