Bug#1043305: marked as done (intel-microcode: CVE-2022-40982 CVE-2022-41804 CVE-2023-23908)

Sat, 12 Aug 2023 04:06:22 -0700 

Your message dated Sat, 12 Aug 2023 11:02:12 +0000
with message-id <e1qumno-00cynk...@fasolo.debian.org>
and subject line Bug#1043305: fixed in intel-microcode 3.20230808.1~deb12u1
has caused the Debian Bug report #1043305,
regarding intel-microcode: CVE-2022-40982 CVE-2022-41804 CVE-2023-23908
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1043305: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043305
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: intel-microcode
Version: 3.20230512.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.20220510.1~deb11u1
Control: found -1 3.20230214.1~deb11u1

Hi,

The following vulnerabilities were published for intel-microcode.

CVE-2022-40982[0], CVE-2022-41804[1] and CVE-2023-23908[2].


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-40982
    https://www.cve.org/CVERecord?id=CVE-2022-40982
    
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
[1] https://security-tracker.debian.org/tracker/CVE-2022-41804
    https://www.cve.org/CVERecord?id=CVE-2022-41804
    
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html
[2] https://security-tracker.debian.org/tracker/CVE-2023-23908
    https://www.cve.org/CVERecord?id=CVE-2023-23908
    
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html
[3] 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: intel-microcode
Source-Version: 3.20230808.1~deb12u1
Done: Henrique de Moraes Holschuh <h...@debian.org>

We believe that the bug you reported is fixed in the latest version of
intel-microcode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1043...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <h...@debian.org> (supplier of updated 
intel-microcode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 08 Aug 2023 20:08:03 -0300
Source: intel-microcode
Architecture: source
Version: 3.20230808.1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Henrique de Moraes Holschuh <h...@debian.org>
Changed-By: Henrique de Moraes Holschuh <h...@debian.org>
Closes: 1043305
Changes:
 intel-microcode (3.20230808.1~deb12u1) bookworm-security; urgency=high
 .
   * Build for bookworm (no changes)
 .
 intel-microcode (3.20230808.1) unstable; urgency=high
 .
   * New upstream microcode datafile 20230808 (closes: #1043305)
     Mitigations for "Downfall" INTEL-SA-00828 (CVE-2022-40982),
     INTEL-SA-00836 (CVE-2023-23908) and INTEL-SA-00837 (CVE-2022-41804)
     * Updated microcodes:
       sig 0x00050653, pf_mask 0x97, 2023-03-23, rev 0x1000181, size 36864
       sig 0x00050654, pf_mask 0xb7, 2023-03-06, rev 0x2007006, size 44032
       sig 0x00050656, pf_mask 0xbf, 2023-03-17, rev 0x4003604, size 38912
       sig 0x00050657, pf_mask 0xbf, 2023-03-17, rev 0x5003604, size 38912
       sig 0x0005065b, pf_mask 0xbf, 2023-03-21, rev 0x7002703, size 30720
       sig 0x000606a6, pf_mask 0x87, 2023-03-30, rev 0xd0003a5, size 297984
       sig 0x000706e5, pf_mask 0x80, 2023-02-26, rev 0x00bc, size 113664
       sig 0x000806c1, pf_mask 0x80, 2023-02-27, rev 0x00ac, size 111616
       sig 0x000806c2, pf_mask 0xc2, 2023-02-27, rev 0x002c, size 98304
       sig 0x000806d1, pf_mask 0xc2, 2023-02-27, rev 0x0046, size 103424
       sig 0x000806e9, pf_mask 0xc0, 2023-02-22, rev 0x00f4, size 106496
       sig 0x000806e9, pf_mask 0x10, 2023-02-23, rev 0x00f4, size 105472
       sig 0x000806ea, pf_mask 0xc0, 2023-02-23, rev 0x00f4, size 105472
       sig 0x000806eb, pf_mask 0xd0, 2023-02-23, rev 0x00f4, size 106496
       sig 0x000806ec, pf_mask 0x94, 2023-02-26, rev 0x00f8, size 106496
       sig 0x000806f8, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416
       sig 0x000806f7, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
       sig 0x000806f6, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
       sig 0x000806f5, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
       sig 0x000806f4, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
       sig 0x000806f8, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184
       sig 0x000806f6, pf_mask 0x10, 2023-05-15, rev 0x2c000271
       sig 0x000806f5, pf_mask 0x10, 2023-05-15, rev 0x2c000271
       sig 0x000806f4, pf_mask 0x10, 2023-05-15, rev 0x2c000271
       sig 0x00090672, pf_mask 0x07, 2023-04-18, rev 0x002e, size 220160
       sig 0x00090675, pf_mask 0x07, 2023-04-18, rev 0x002e
       sig 0x000b06f2, pf_mask 0x07, 2023-04-18, rev 0x002e
       sig 0x000b06f5, pf_mask 0x07, 2023-04-18, rev 0x002e
       sig 0x000906a3, pf_mask 0x80, 2023-04-18, rev 0x042c, size 219136
       sig 0x000906a4, pf_mask 0x80, 2023-04-18, rev 0x042c
       sig 0x000906e9, pf_mask 0x2a, 2023-02-23, rev 0x00f4, size 108544
       sig 0x000906ea, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 104448
       sig 0x000906eb, pf_mask 0x02, 2023-02-23, rev 0x00f4, size 106496
       sig 0x000906ec, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 105472
       sig 0x000906ed, pf_mask 0x22, 2023-02-27, rev 0x00fa, size 106496
       sig 0x000a0652, pf_mask 0x20, 2023-02-23, rev 0x00f8, size 97280
       sig 0x000a0653, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
       sig 0x000a0655, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
       sig 0x000a0660, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 97280
       sig 0x000a0661, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 96256
       sig 0x000a0671, pf_mask 0x02, 2023-02-26, rev 0x0059, size 104448
       sig 0x000b0671, pf_mask 0x32, 2023-06-06, rev 0x0119, size 210944
       sig 0x000b06a2, pf_mask 0xe0, 2023-06-06, rev 0x4119, size 216064
       sig 0x000b06a3, pf_mask 0xe0, 2023-06-06, rev 0x4119
       sig 0x000b06e0, pf_mask 0x11, 2023-04-12, rev 0x0011, size 136192
   * source: update symlinks to reflect id of the latest release, 20230808
Checksums-Sha1:
 493a868347db1dd4f2a71471acd65199f72e03e8 1830 
intel-microcode_3.20230808.1~deb12u1.dsc
 4bd7d67282fce04178f8722bc75aaf45f73a3d72 7199240 
intel-microcode_3.20230808.1~deb12u1.tar.xz
 f6e7a7ec6d7d89caa80055754a6e28796cf88377 6049 
intel-microcode_3.20230808.1~deb12u1_amd64.buildinfo
Checksums-Sha256:
 27384950ada8152f425c6166462950a66d27b871231738f8d3c0c062cd29241d 1830 
intel-microcode_3.20230808.1~deb12u1.dsc
 b29c3296f94aaf1bfee1d4bc3194e1e8446730f0727613ef1a70d8d1dd51118e 7199240 
intel-microcode_3.20230808.1~deb12u1.tar.xz
 cc649bf70ea7b8eca43839d88641960a3755284ed65b8bcf3d6fc2515f927d63 6049 
intel-microcode_3.20230808.1~deb12u1_amd64.buildinfo
Files:
 4904671be6b8135bd8fb5dfd618493d2 1830 non-free-firmware/admin standard 
intel-microcode_3.20230808.1~deb12u1.dsc
 db521a942b0e428b774a3f7c4e0ab500 7199240 non-free-firmware/admin standard 
intel-microcode_3.20230808.1~deb12u1.tar.xz
 ce6d842e1784f5d4c9447b2b151e6377 6049 non-free-firmware/admin standard 
intel-microcode_3.20230808.1~deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEIXEYtQeAQUHyKjs9TkVcVzAplOQFAmTSzhQACgkQTkVcVzAp
lORwjQ//Qh2bkHQA80AccvgGyBirvktSfEwYXviZeEY3pdBzOM5bwEkmEGFh4CfD
V5cHBarUIS2x6Hf3l5zCtJPuXq1CMZV9Hvklpbr4w8MMIJpbri4YcV4VYZ+ngHIt
fytVAwPWCrTya8EptqCG8PEjv4aRbF+f3AedREAOK2T8QPN6iPJYKnVpYDPDPmjy
UnVJh7brIJ0a64fITC0i69N1kxjJ3bs9oWPItJLSxwdUB0Q2dwr0rvD8fjjCRC6d
EcJG71u2v9MA3910/UQoU/xGJyYkOaSF3g1pd1rQne/7oFGaZcPA4/sXqOWH5jVu
FSC9ZTa4SPWkYUTBTzm7c39jl7IDOT7Sffx6FjO/P+GNn2YSKHmlCpQqpytokDzE
jiYKG8hMlu4F4d9W0+HIHQtXxuX1zUdyBsH26FjVww9mUIsCVIZGXVbCbhTnPgLL
BsKPnvgVKzYxMSMFRnD8TW6Y5Euljqa+Gd3DcgNKLGGUlZatMHcBibmwGjO8K+J7
t2dj/x2plHQk7Ok/W0lRrboOlHhK9oF3/elqPWgGSLjpiUkcjqNEvnfWkdEpzs7S
Eg9pE6l6MshDXK6/jfL1MhMNOpb3WVfZkSDKLVAV+Oq4qMGRniqxtwyNINeBNeZc
E9hKhijRPgv/IEQJOl4UXgede7AQCLotZdo2B4lD9Tcqv9x0Mt4=
=/YZQ
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to