Bug#1041863: marked as done (amd64-microcode: CVE-2023-20593: use-after-free in AMD Zen2 processors)

[Debian Bug Tracking System]

Your message dated Mon, 24 Jul 2023 16:49:02 +0000
with message-id <e1qnyk2-00cdz3...@fasolo.debian.org>
and subject line Bug#1041863: fixed in amd64-microcode 3.20230719.1
has caused the Debian Bug report #1041863,
regarding amd64-microcode: CVE-2023-20593: use-after-free in AMD Zen2 processors
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1041863: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041863
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: amd64-microcode
Version: 3.20230414.1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1  3.20191218.1

Hi,

The following vulnerability was published for amd64-microcode.

CVE-2023-20593[0]:
| use-after-free in AMD Zen2 processors

Merge request at [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-20593
    https://www.cve.org/CVERecord?id=CVE-2023-20593
[1] https://lock.cmpxchg8b.com/zenbleed.html
[2] https://salsa.debian.org/hmh/amd64-microcode/-/merge_requests/5

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: amd64-microcode
Source-Version: 3.20230719.1
Done: Henrique de Moraes Holschuh <h...@debian.org>

We believe that the bug you reported is fixed in the latest version of
amd64-microcode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1041...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <h...@debian.org> (supplier of updated 
amd64-microcode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Jul 2023 13:07:34 -0300
Source: amd64-microcode
Architecture: source
Version: 3.20230719.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Closes: 1041863
Changes:
 amd64-microcode (3.20230719.1) unstable; urgency=high
 .
   * Update package data from linux-firmware 20230625-39-g59fbffa9:
     * Fixes for CVE-2023-20593 "Zenbleed" on AMD Zen2 processors
       (closes: #1041863)
     * New Microcode patches:
       + Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a00008
     * Updated Microcode patches:
       + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107a
       + Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079
       + Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1
       + Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234
   * README: update for new release
Checksums-Sha1:
 1263b79d06590da1853024c4a00e3766336fb0a8 1695 amd64-microcode_3.20230719.1.dsc
 72c9fa45ac3882c8804e72a7f8f2c5ffee48e840 120676 
amd64-microcode_3.20230719.1.tar.xz
 b4e617ab310d5f633e0c486f7a5cf48fbed49e48 6680 
amd64-microcode_3.20230719.1_amd64.buildinfo
Checksums-Sha256:
 7038054ec4fe57add514dd3b4683617bd5781b24d3a6a1ce144035e47d147fec 1695 
amd64-microcode_3.20230719.1.dsc
 c6942f14f798056f26ec9eeae93e03f57975e513ef07f4173366f0cb519d2a30 120676 
amd64-microcode_3.20230719.1.tar.xz
 485421994a42d167e3201cac193f21161afa82bc8e6f7f4f495dd2821f8bebe2 6680 
amd64-microcode_3.20230719.1_amd64.buildinfo
Files:
 62073b5eca489f0bab7984f88aad24ef 1695 non-free-firmware/admin standard 
amd64-microcode_3.20230719.1.dsc
 026554c25951d0f410933e1a67d43a5c 120676 non-free-firmware/admin standard 
amd64-microcode_3.20230719.1.tar.xz
 41f75b81b241f5969459b919c8b44450 6680 non-free-firmware/admin standard 
amd64-microcode_3.20230719.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEIXEYtQeAQUHyKjs9TkVcVzAplOQFAmS+prMACgkQTkVcVzAp
lOQHTw/+K8avtXUHKXH/f7VvF8g65sd1BCKrEWHb2snJcrhulAlnOB7y9xrlf25T
H0vLlJVUAqc7MVf5PJpJJS6EC3MXznXaZlJElpcGIQWt1J/CoU+GjfCxyegxo3G9
LFRin4/zZJmP7R4XlKZ7OTYo0sMO1Wc+8rCFAmgRQnvKiTwCyCcp7nkaVMOP0BO3
oiJNh0q6JJajRV4Tv18kaRq28MwtxN4kFa0LgoUowlsz4dmmz4xuQv/zuYx+U40z
l+MxqTLiNIPt/VAxwyuwXPsZyCcJ7f2jO9q55y0+HxDy0wU5cH6tCsLskNocdNZF
fGebiIKk+1VI6yM+WWCmFtUMd1Tk/R1BQalDs3rFFpOQIj0mSRFzX//1WrYqu75i
ttu9rvhQZAJAE89aC4WuBkG3THMvjBKavRlpjyIp81wq5t98/hKhDjMB47hwKT+y
0obY0JXbrWRMZKGcJhPxUjfmdRm3vJ3CgR02+uH1YWLroQCWonYnUTMA6BFH3npx
cOZx+4bgvnhPMku/+pe8d1rHM3VJa6LlfzUojUOnXxHh9FJyO9yfSTrqjutttniw
WOUm3GbE+WAAXe5uGTXsfZmfozeGVQWAEiG3qComfHCZddzVbdaSv4rDTAijCpt9
Y1es5zPZamdBtpmEoynJvbsIuyZd4hpLUVB7uXypN6qbJVUXi6I=
=vp7x
-----END PGP SIGNATURE-----

--- End Message ---