Hi Henrique, On Sun, 2020-03-15 at 21:37 +0100, Anton Gladky wrote: > I have prepared an update for amd64-microcode for Debian Stretch, > which fixes CVE-2017-5715. Please see an attached debdiff. > > This is the newer upstream version, which fixes CVE-2017-5715. > Security team marked this CVE for Stretch as <no-dsa> [1].
Do you have any input / thoughts on this proposed update? This would pull stretch's amd64-microcode to the version that's currently in stretch-backports and buster. That's an update for stretch from 2016 -> 2018, but still behind unstable and testing, which have a 2019 package. The complete set of package versions is currently: amd64-microcode | 2.20160316.1~deb8u1 | oldoldstable/non-free | source, amd64, i386 amd64-microcode | 3.20160316.3 | oldstable/non-free | source, amd64, i386 amd64-microcode | 3.20181128.1~bpo9+1 | stretch-backports/non-free | source, amd64, i386 amd64-microcode | 3.20181128.1~deb8u1 | oldoldstable/updates/non-free | source, amd64, i386 amd64-microcode | 3.20181128.1 | stable/non-free | source, amd64, i386 amd64-microcode | 3.20191218.1 | testing/non-free | source, amd64, i386 amd64-microcode | 3.20191218.1 | unstable/non-free | source, amd64, i386 Regards, Adam
