Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
508da566 by Moritz Muehlenhoff at 2022-02-23T14:27:22+01:00
disassociate one microcode issue from intel-microcode
one PHP issue n/a for older suites

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77135,8 +77135,8 @@ CVE-2021-21708
        {DSA-5082-1}
        - php8.1 <unfixed>
        - php7.4 <removed>
-       - php7.3 <removed>
-       - php7.0 <removed>
+       - php7.3 <not-affected> (Vulnerable code introduced in 7.4)
+       - php7.0 <not-affected> (Vulnerable code introduced in 7.4)
        NOTE: Fixed in 8.1.3, 7.4.28
        NOTE: PHP Bug: https://bugs.php.net/81708
 CVE-2021-21707 (In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 
8.0.x below ...)
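Review bot: The new php7.3 and php7.0 lines justify <not-affected> with "Vulnerable code introduced in 7.4", but nothing in the entry lets a reader verify that: the existing NOTE lines only give the fixed versions (8.1.3, 7.4.28) and the PHP bug URL. Consider adding a NOTE that points at the upstream change that introduced the vulnerable code, so the claim stays checkable without rereading the upstream history.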
@@ -94132,9 +94132,12 @@ CVE-2021-0148 (Insertion of information into log file 
in firmware for some Intel
 CVE-2021-0147 (Improper locking in the Power Management Controller (PMC) for 
some Int ...)
        NOT-FOR-US: Intel
 CVE-2021-0146 (Hardware allows activation of test or debug logic at runtime 
for some  ...)
-       - intel-microcode <unfixed>
-       [bullseye] - intel-microcode <postponed> (Wait until exposed in 
unstable; tendency to point release)
-       [buster] - intel-microcode <postponed> (Wait until exposed in unstable; 
tendency point release)
+       NOT-FOR-US: Intel CPU microcode
+       NOTE: This vulnerability cannot be fixed via the intel-microcode 
package since it
+       NOTE: needs to be present before the CPU is even initialised fully:
+       NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
+       NOTE: As such, updates need to be shipped via board vendors and not 
tracking it as
+       NOTE: a fixable bug in intel-microcode
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
        NOTE: 
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
 CVE-2021-0145 (Improper initialization of shared resources in some Intel(R) 
Processor ...)
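Review bot: In the CVE-2021-0146 entry, the retained context line linking the microcode-20220207 release tag now sits directly under new NOTE lines stating the issue cannot be fixed via the intel-microcode package, which reads as contradictory. Either drop that link or add a NOTE saying why it is kept. The final two NOTE lines ("updates need to be shipped via board vendors and not tracking it as a fixable bug in intel-microcode") would also read more clearly as two sentences, for example ending the first at "board vendors" and starting the second with "Not tracking this as ...".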



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/508da566b416d6ea98860217493548f52452949f
