On Wed, Mar 14, 2018 at 12:39:22PM -0300, Henrique de Moraes Holschuh wrote:
> On Wed, 14 Mar 2018, Moritz Muehlenhoff wrote:
> > On Sun, Jan 21, 2018 at 07:47:35AM -0200, Henrique de Moraes Holschuh wrote:
> > > severity 887856 grave
> > > block 887856 by 886998
> > > thanks
> > >
> > > On Sat, 20 Jan 2018, Julien Aubin wrote:
> > > > As of now intel-microcode of stretch is still set to 20170707 (20171117
> > > > through
> > > > bpo) which lets users vulnerable to Spectre attack CVE-2017-5715. Could
> > > > you
> > > > please bring quickly the microcode update to stretch, at least on bpo ?
> > >
> > > Please refer to bug #886998
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886998
> > >
> > > We will wait for a new, official Intel microcode release before we
> > > consider updating the intel-microcode package in stable and backports.
> >
> > https://downloadcenter.intel.com/download/27591/Linux-Processor-Microcode-Data-File
> >
> > These should be good now?
>
> Yes, uploaded to unstable a few hours ago (might be waiting on dinstall,
> though).
>
> > Let's keep this cooking in unstable for a while before considering an
> > upgrade in stable, though.
>
> Sure, uploaded with medium priority to get 10 days worth of unstable,
> then let's get it to wait around on testing for at least 1 month *after*
> the next kernel update in testing (which should re-enable IBRS+IBPB on
> Skylake).
>
> Unless we get lots of indirect coverage from other distros that would
> allow us to speed this up, I'd say we'll wait about 2 months before
> proposing it for -stable.
Ack, that was about the time frame I had in my mind.
Cheers,
Moritz
