Bug 247197
| Summary: | sysutils/devcpu-data: intel cpu flaws | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | rob2g2 <rob2g2-freebsd> | ||||
| Component: | Individual Port(s) | Assignee: | Thomas Zander <riggs> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Many People | CC: | joneum, ports-secteam, ports-security, riggs, rob2g2-freebsd, sbruno | ||||
| Priority: | --- | Keywords: | buildisok | ||||
| Version: | Latest | Flags: | riggs:
maintainer-feedback+
|
||||
| Hardware: | amd64 | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
|
Description
rob2g2
2020-06-12 07:45:56 UTC
Created attachment 215478 [details]
patch for vuxml
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/160645503 Heya Maintainer, can you have a look at this? Is this relevant? Well, its definitely relevant, but is way outside of my knowledge areas. If you're asking if this should be patched into VUXML, that's a secteam question IMO. I can't tell if there's any version of microcode that fixes the issues linked in the update. (In reply to Sean Bruno from comment #4) Good point, Sean. We are going to continue having a hard time verifying if a microcode update actually fixes a problem for good. However, we can say for certain that devcpu-data before the given version number definitely contains the issue. Hence, it should be documented in vuxml, otherwise pkg audit won't show any known CVEs for earlier versions of the port. A commit references this bug: Author: riggs Date: Mon Dec 28 13:15:59 UTC 2020 New revision: 559468 URL: https://svnweb.freebsd.org/changeset/ports/559468 Log: Document CVE-2020-0543 for Intel CPUs. PR: 247197 Submitted by: spam123@bitbert.com Changes: head/security/vuxml/vuln.xml |
