On 17 March 2023 19:18:50 UTC, Salvatore Bonaccorso <car...@debian.org> wrote:
>
>On Thu, Mar 16, 2023 at 04:06:29PM +0100, Tobias Frost wrote:
>> Package: release.debian.org
>> Severity: normal
>> Tags: bullseye
>> User: release.debian....@packages.debian.org
>> Usertags: pu
>> X-Debbugs-Cc: intel-microc...@packages.debian.org, Salvatore Bonaccorso
>> <car...@debian.org>
>> Control: affects -1 + src:intel-microcode
>>
>> (Please refer to #1032847#12 for security team's feedback
>> that this should go through SPU.)
>>
>> The upload updates intel microcodes to target (See #1031334)
>> - INTEL-SA-00700: CVE-2022-21216
>> - INTEL-SA-00730: CVE-2022-33972
>> - INTEL-SA-00738: CVE-2022-33196
>> - INTEL-SA-00767: CVE-2022-38090
>>
>> the CVEs are information disclosure via local access vulnerabilities and
>> potential privilege escalations.
>
>Note that speaking of fixed CVEs, for bullseye and older with the
>upload CVE-2022-21233 gets fixed as well (this one was as well not
>warranting a DSA, it is as well SGX related).

yes, this CVE is fixed in 3.20220809.1, which is part of this update.

to make sure i don't miss it: i thought i do not need to repeat the cve in d/changelog if it is mentioned in earlier d/changelog entries, right?

>Regards,
>Salvatore