Your message dated Wed, 26 Jul 2023 07:32:23 +0000 with message-id <e1qoz0r-002ryz...@fasolo.debian.org> and subject line Bug#1041863: fixed in amd64-microcode 3.20230719.1~deb11u1 has caused the Debian Bug report #1041863, regarding amd64-microcode: CVE-2023-20593: use-after-free in AMD Zen2 processors to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1041863: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041863 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: amd64-microcode Version: 3.20230414.1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 3.20191218.1 Hi, The following vulnerability was published for amd64-microcode. CVE-2023-20593[0]: | use-after-free in AMD Zen2 processors Merge request at [2]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-20593 https://www.cve.org/CVERecord?id=CVE-2023-20593 [1] https://lock.cmpxchg8b.com/zenbleed.html [2] https://salsa.debian.org/hmh/amd64-microcode/-/merge_requests/5 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: amd64-microcode Source-Version: 3.20230719.1~deb11u1 Done: Henrique de Moraes Holschuh <h...@debian.org> We believe that the bug you reported is fixed in the latest version of amd64-microcode, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1041...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Henrique de Moraes Holschuh <h...@debian.org> (supplier of updated amd64-microcode package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 24 Jul 2023 16:19:13 -0300 Source: amd64-microcode Binary: amd64-microcode Architecture: source amd64 Version: 3.20230719.1~deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Henrique de Moraes Holschuh <h...@debian.org> Changed-By: Henrique de Moraes Holschuh <h...@debian.org> Description: amd64-microcode - Processor microcode firmware for AMD CPUs Closes: 970395 1006444 1009333 1031103 1041863 Changes: amd64-microcode (3.20230719.1~deb11u1) bullseye-security; urgency=high . * Build for bullseye-security * Revert move to non-free-firmware . amd64-microcode (3.20230719.1) unstable; urgency=high . * Update package data from linux-firmware 20230625-39-g59fbffa9: * Fixes for CVE-2023-20593 "Zenbleed" on AMD Zen2 processors (closes: #1041863) * New Microcode patches: + Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a00008 * Updated Microcode patches: + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107a + Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079 + Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1 + Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234 * README: update for new release . amd64-microcode (3.20230414.1) unstable; urgency=medium . * Update package data from linux-firmware 20230404-38-gfab14965: (closes: #1031103) * Updated Microcode patches: + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x08301072 + Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001078 + Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011ce + Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001231 * README: update for new release . amd64-microcode (3.20220411.2) unstable; urgency=medium . * Move source and binary from non-free/admin to non-free-firmware/admin following the 2022 General Resolution about non-free firmware. . amd64-microcode (3.20220411.1) unstable; urgency=medium . * Update package data from linux-firmware 20220411: * New microcode updates from AMD upstream (20220408) (closes: #1006444, #1009333) + New Microcode patches: sig 0x00830f10, patch id 0x08301055, 2022-02-15 sig 0x00a00f10, patch id 0x0a001058, 2022-02-10 sig 0x00a00f11, patch id 0x0a001173, 2022-01-31 sig 0x00a00f12, patch id 0x0a001229, 2022-02-10 + Updated Microcode patches: sig 0x00800f12, patch id 0x0800126e, 2021/11/11 * New AMD-SEV firmware from AMD upstream (20220308) Fixes: CVE-2019-9836 (closes: #970395) + New SEV firmware: Family 17h models 00h-0fh: version 0.17 build 48 Family 17h models 30h-3fh: version 0.24 build 15 Family 19h models 00h-0fh: version 1.51 build 3 * README: update for new release * debian: ship AMD-SEV firmware. Upstream license is the same license used for amd-ucode . amd64-microcode (3.20191218.1) unstable; urgency=medium . * New microcode update packages from AMD upstream: + Removed Microcode updates (known to cause issues): sig 0x00830f10, patch id 0x08301025, 2019-07-11 * README: update for new release . amd64-microcode (3.20191021.1) unstable; urgency=medium . * New microcode update packages from AMD upstream: + New Microcodes: sig 0x00830f10, patch id 0x08301025, 2019-07-11 + Updated Microcodes: sig 0x00800f12, patch id 0x08001250, 2019-04-16 sig 0x00800f82, patch id 0x0800820d, 2019-04-16 * README: update for new release Checksums-Sha1: 7dccade4532d4175c3abe2c79b182aa03c35f9b1 1718 amd64-microcode_3.20230719.1~deb11u1.dsc afac309fafe27d712a2502efc4dd3fe4f8f7b92a 120672 amd64-microcode_3.20230719.1~deb11u1.tar.xz dc0e131456b7d86d5a939088630f60236a2866a8 6066 amd64-microcode_3.20230719.1~deb11u1_amd64.buildinfo 7f707a02abc844c3e22a8aafbae1a04f4fa29894 120432 amd64-microcode_3.20230719.1~deb11u1_amd64.deb Checksums-Sha256: 86184ee4c832095eed01c8a37ca733514bfbb66289d03906164678e198edc732 1718 amd64-microcode_3.20230719.1~deb11u1.dsc be8cbe570f83def6d938e9bda2cbf0a733f2ba61bcc4bf437bf0d9bf78cd28e9 120672 amd64-microcode_3.20230719.1~deb11u1.tar.xz 8f43575f904c4a830e77abb0c6f9766f1fea78b325dff9311542b309727b0270 6066 amd64-microcode_3.20230719.1~deb11u1_amd64.buildinfo f52ad5cea35013d80cd9d03f93d7aff68dc1fee3a1ea87553e3b273c17107f4c 120432 amd64-microcode_3.20230719.1~deb11u1_amd64.deb Files: 55d103f328dedcfa34c311879c994140 1718 non-free/admin standard amd64-microcode_3.20230719.1~deb11u1.dsc 8d4e1ac64df1b791350c2253f903f736 120672 non-free/admin standard amd64-microcode_3.20230719.1~deb11u1.tar.xz 51031068a68f731f4d5a5460a89b48ce 6066 non-free/admin standard amd64-microcode_3.20230719.1~deb11u1_amd64.buildinfo 2ba6e9e470bbbb9ca5629aae9cae4f30 120432 non-free/admin standard amd64-microcode_3.20230719.1~deb11u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEIXEYtQeAQUHyKjs9TkVcVzAplOQFAmS+0FoACgkQTkVcVzAp lORl8BAAtpUYnGMH/SkwUM38nONPCCXo7PBgohfyJ5uxxzFYdHec9CskFFzBbQyT AEebpAVnRIz0+TW9oEntLVO6Unlo7Tuildnr9Velzt33tL0xcwY7Ld8ZL1eNXQcg Pobz+r3EFTrz/3EEQiHzSWuT+gjzLL/tjL7DOY944ztso1mm12/KOisizLRMRmQu +hpn4D17q8oA9tSJ084e69SyknYP3RY22egB2NLJjXPTwVAjdzVUe0bPfHq6Mra5 KKra/hhwiYdXAThntfiZXfMhgNiVka8WHILyipDv6MIi6PTuBA87sumaM7d8P2+U Uxim61cPkJQQo+jp5YgiVzwA3m30ANhQ4PBMOh8hyChS5oRONCEkyBVAPfl8cJ/d rGFJOsAaHonu1dk/e1XKYEKMY/7BRt6LC0enOPf8GkLYk3ysyHim7mLsTEvt8jiV vHBCmi4hhFv8P8nxCBykWARYj9YPKOVnZ8d6uXZJ9OQq7GTKJDUGRMtrxb9cLfCo o3E2ORc1tXnOp7PRd7kbghmyy6A/3bFx40U1z5IiWvWHv3/RAURRHbWoSkd7r8PC bnfGQi07joxtCgXdj1MSNkbI6UCQSyytMcYHQWWEqGPYrp7UKtuA+k7kFVxI2wjH VXNiSqIlHuVYjEieEl3ZdAK7nd5VvmKjfECLmNpnITCDCCcbb1w= =l6j9 -----END PGP SIGNATURE-----
--- End Message ---
