Back to linux PTS page

Accepted linux 5.3.9-2 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted linux 5.3.9-2 (source) into unstable
From: Ben Hutchings <ben@decadent.org.uk>
Date: Tue, 12 Nov 2019 21:12:28 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1iUdSe-000AJn-IP@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 Nov 2019 15:44:08 +0000
Source: linux
Architecture: source
Version: 5.3.9-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Changes:
 linux (5.3.9-2) unstable; urgency=medium
 .
   * [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135):
     - x86/msr: Add the IA32_TSX_CTRL MSR
     - x86/cpu: Add a helper function x86_read_arch_cap_msr()
     - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
     - x86/speculation/taa: Add mitigation for TSX Async Abort
     - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
     - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
     - x86/tsx: Add "auto" option to the tsx= cmdline parameter
     - x86/speculation/taa: Add documentation for TSX Async Abort
     - x86/tsx: Add config options to set tsx=on|off|auto
     - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
     TSX is now disabled by default; see
     Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
   * [x86] KVM: Add mitigation for Machine Check Error on Page Size Change
     (aka iTLB multi-hit, CVE-2018-12207):
     - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
     - x86/bugs: Add ITLB_MULTIHIT bug infrastructure
     - x86/cpu: Add Tremont to the cpu vulnerability whitelist
     - cpu/speculation: Uninline and export CPU mitigations helpers
     - kvm: mmu: ITLB_MULTIHIT mitigation
     - kvm: Add helper function for creating VM worker threads
     - kvm: x86: mmu: Recovery of shattered NX large pages
     - Documentation: Add ITLB_MULTIHIT documentation
   * [x86] i915: Mitigate local privilege escalation on gen9 (CVE-2019-0155):
     - drm/i915: Rename gen7 cmdparser tables
     - drm/i915: Disable Secure Batches for gen6+
     - drm/i915: Remove Master tables from cmdparser
     - drm/i915: Add support for mandatory cmdparsing
     - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
     - drm/i915: Allow parsing of unsized batches
     - drm/i915: Add gen9 BCS cmdparsing
     - drm/i915/cmdparser: Use explicit goto for error paths
     - drm/i915/cmdparser: Add support for backward jumps
     - drm/i915/cmdparser: Ignore Length operands during command matching
     - drm/i915/cmdparser: Fix jump whitelist clearing
   * [x86] i915: Mitigate local denial-of-service on gen8/gen9 (CVE-2019-0154):
     - drm/i915: Lower RM timeout to avoid DSI hard hangs
     - drm/i915/gen8+: Add RC6 CTX corruption WA
Checksums-Sha1:
 c22f049ca403891301c3707c7c0c3f9f8e818102 197528 linux_5.3.9-2.dsc
 ebebd74507e1b62ab2fc469875aabe06c63ad799 3555404 linux_5.3.9-2.debian.tar.xz
 30d0a91cf128fd647a8f3addb4880ac8d8457387 48103 linux_5.3.9-2_source.buildinfo
Checksums-Sha256:
 7a901db414c7874ec2eca659a2dd388633f6422702096a5e0c6b3da6ddf0633a 197528 linux_5.3.9-2.dsc
 d96081834f8e111890900e5dc55e0a44b6570d8854a9f5700c41b9cc58fada4f 3555404 linux_5.3.9-2.debian.tar.xz
 a32178c57ef87606a12979391a5b8f88d1d19f9ed6b606c2d2b8973916ed459f 48103 linux_5.3.9-2_source.buildinfo
Files:
 991a7dfb9f4b4948f7e57336b1caa53b 197528 kernel optional linux_5.3.9-2.dsc
 3d2cd5c573806849eaa03417fce553b0 3555404 kernel optional linux_5.3.9-2.debian.tar.xz
 58ece471be953c32fe177c01168a419b 48103 kernel optional linux_5.3.9-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl3LEgYACgkQ57/I7JWG
EQmhmg/9GDHHJAq9HmeZ3d1BHHQBGN7vWkDXQknEQuslzHGjg+IXxSpTS0GufI9f
jz8u0ojH5oag7p8aAvjcEPqEwUCOJ+t5h9hxqkTc5pxJOEeOKRAacDNUth0t2N+4
C4tTn/dGPkSFXZbx2jfGY++NBFYcsrhh1I+MQvdnFNBbcWBLy6NT7A4GU7dkPPnZ
yCt9LubBrcWPLQyhfmE7DANO2cAi2KZq9Z0LfHjxBvGz3Hl8jua+NK0SZINlGnU/
PNNSTCRxXo6GyPttRA2kTj0RHULb9yjnJ/NwfrNIS7PsgsRQO+KtHHDmC5H/FxlP
ryoeAvjco3nrfz9CAQYhjwolA8gb4UU1xhD9vdGtCXnGUsVLVFYnBdNTLk4PXGPx
jfPvvk6kDenMo8C7fMd7iosz/Q8bRGiD92UyPzG3wcog4SVfA0hmfyEuLKRmDmNj
+uijiqL0Y0P7EQjvUP4w8pKOHpKL4Ffh/OdhqBaHkH6zCsQyr4DCtkv80rvJCBdU
y9neEweOdshQ9/QFUcQ0MVbl1KT6ViW6l3fftDsk8lsdTmRJAawbbB4TeVMHNn5F
0Pf6hakP0wrYKqBuiGvNzLIzow5qToCen6ZjdDXUANbvt7fKfZauv6I4v0zLg+ql
ZwlypAC7uWknaoHw5fOPPb/uU4xZwsXZXzcy2IbXOq4LcLopza0=
=GY8E
-----END PGP SIGNATURE-----