Bug 247197 - sysutils/devcpu-data: intel cpu flaws
Summary: sysutils/devcpu-data: intel cpu flaws
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Many People
Assignee: Thomas Zander
URL:
Keywords: buildisok
Depends on:
Blocks:
 
Reported: 2020-06-12 07:45 UTC by rob2g2
Modified: 2020-12-28 13:17 UTC (History)
6 users (show)

See Also:
riggs: maintainer-feedback+


Attachments
patch for vuxml (972 bytes, patch)
2020-06-12 07:46 UTC, rob2g2
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description rob2g2 2020-06-12 07:45:56 UTC
add information about Intel Special Register Buffer Data Sampling Advisory.
thanks sbruno we got such a quick fix.
Comment 1 rob2g2 2020-06-12 07:46:52 UTC
Created attachment 215478 [details]
patch for vuxml
Comment 2 Automation User 2020-06-27 00:04:18 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/160645503
Comment 3 Jochen Neumeister freebsd_committer 2020-07-23 19:50:14 UTC
Heya Maintainer,

can you have a look at this? Is this relevant?
Comment 4 Sean Bruno freebsd_committer 2020-07-24 13:46:04 UTC
Well, its definitely relevant, but is way outside of my knowledge areas.

If you're asking if this should be patched into VUXML, that's a secteam question IMO.  I can't tell if there's any version of microcode that fixes the issues linked in the update.
Comment 5 Thomas Zander freebsd_committer 2020-12-28 13:08:04 UTC
(In reply to Sean Bruno from comment #4)

Good point, Sean. We are going to continue having a hard time verifying if a microcode update actually fixes a problem for good.

However, we can say for certain that devcpu-data before the given version number definitely contains the issue. Hence, it should be documented in vuxml, otherwise pkg audit won't show any known CVEs for earlier versions of the port.
Comment 6 commit-hook freebsd_committer 2020-12-28 13:16:22 UTC
A commit references this bug:

Author: riggs
Date: Mon Dec 28 13:15:59 UTC 2020
New revision: 559468
URL: https://svnweb.freebsd.org/changeset/ports/559468

Log:
  Document CVE-2020-0543 for Intel CPUs.

  PR:		247197
  Submitted by:	spam123@bitbert.com

Changes:
  head/security/vuxml/vuln.xml