Format: 1.8
Date: Mon, 11 Nov 2019 00:30:56 +0000
Source: linux-signed-arm64
Binary: kernel-image-4.19.0-6-arm64-di nic-modules-4.19.0-6-arm64-di nic-wireless-modules-4.19.0-6-arm64-di
 nic-shared-modules-4.19.0-6-arm64-di usb-serial-modules-4.19.0-6-arm64-di ppp-modules-4.19.0-6-arm64-di
 cdrom-core-modules-4.19.0-6-arm64-di scsi-core-modules-4.19.0-6-arm64-di scsi-modules-4.19.0-6-arm64-di
 scsi-nic-modules-4.19.0-6-arm64-di loop-modules-4.19.0-6-arm64-di btrfs-modules-4.19.0-6-arm64-di
 ext4-modules-4.19.0-6-arm64-di isofs-modules-4.19.0-6-arm64-di jfs-modules-4.19.0-6-arm64-di
 xfs-modules-4.19.0-6-arm64-di fat-modules-4.19.0-6-arm64-di md-modules-4.19.0-6-arm64-di
 multipath-modules-4.19.0-6-arm64-di usb-modules-4.19.0-6-arm64-di usb-storage-modules-4.19.0-6-arm64-di
 fb-modules-4.19.0-6-arm64-di input-modules-4.19.0-6-arm64-di event-modules-4.19.0-6-arm64-di
 nic-usb-modules-4.19.0-6-arm64-di sata-modules-4.19.0-6-arm64-di i2c-modules-4.19.0-6-arm64-di
 crc-modules-4.19.0-6-arm64-di crypto-modules-4.19.0-6-arm64-di crypto-dm-modules-4.19.0-6-arm64-di
 efi-modules-4.19.0-6-arm64-di ata-modules-4.19.0-6-arm64-di mmc-modules-4.19.0-6-arm64-di
 nbd-modules-4.19.0-6-arm64-di squashfs-modules-4.19.0-6-arm64-di uinput-modules-4.19.0-6-arm64-di
 compress-modules-4.19.0-6-arm64-di leds-modules-4.19.0-6-arm64-di udf-modules-4.19.0-6-arm64-di
 fuse-modules-4.19.0-6-arm64-di mtd-core-modules-4.19.0-6-arm64-di linux-image-4.19.0-6-arm64
 linux-image-4.19.0-6-rt-arm64
Architecture: source
Version: 4.19.67+2+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Description:
 ata-modules-4.19.0-6-arm64-di - ATA disk modules (udeb)
 btrfs-modules-4.19.0-6-arm64-di - BTRFS filesystem support (udeb)
 cdrom-core-modules-4.19.0-6-arm64-di - CDROM support (udeb)
 compress-modules-4.19.0-6-arm64-di - lzo modules (udeb)
 crc-modules-4.19.0-6-arm64-di - CRC modules (udeb)
 crypto-dm-modules-4.19.0-6-arm64-di - devicemapper crypto module (udeb)
 crypto-modules-4.19.0-6-arm64-di - crypto modules (udeb)
 efi-modules-4.19.0-6-arm64-di - EFI modules (udeb)
 event-modules-4.19.0-6-arm64-di - Event support (udeb)
 ext4-modules-4.19.0-6-arm64-di - ext2/ext3/ext4 filesystem support (udeb)
 fat-modules-4.19.0-6-arm64-di - FAT filesystem support (udeb)
 fb-modules-4.19.0-6-arm64-di - Frame buffer support (udeb)
 fuse-modules-4.19.0-6-arm64-di - FUSE modules (udeb)
 i2c-modules-4.19.0-6-arm64-di - i2c support modules (udeb)
 input-modules-4.19.0-6-arm64-di - Input devices support (udeb)
 isofs-modules-4.19.0-6-arm64-di - ISOFS filesystem support (udeb)
 jfs-modules-4.19.0-6-arm64-di - JFS filesystem support (udeb)
 kernel-image-4.19.0-6-arm64-di - Linux kernel image and core modules for the Debian installer (udeb)
 leds-modules-4.19.0-6-arm64-di - LED modules (udeb)
 linux-image-4.19.0-6-arm64 - ${unsigned:DescriptionShort} (signed)
 linux-image-4.19.0-6-rt-arm64 - ${unsigned:DescriptionShort} (signed)
 loop-modules-4.19.0-6-arm64-di - Loopback filesystem support (udeb)
 md-modules-4.19.0-6-arm64-di - RAID and LVM support (udeb)
 mmc-modules-4.19.0-6-arm64-di - MMC/SD card modules (udeb)
 mtd-core-modules-4.19.0-6-arm64-di - MTD core (udeb)
 multipath-modules-4.19.0-6-arm64-di - Multipath support (udeb)
 nbd-modules-4.19.0-6-arm64-di - Network Block Device modules (udeb)
 nic-modules-4.19.0-6-arm64-di - NIC drivers (udeb)
 nic-shared-modules-4.19.0-6-arm64-di - Shared NIC drivers (udeb)
 nic-usb-modules-4.19.0-6-arm64-di - USB NIC drivers (udeb)
 nic-wireless-modules-4.19.0-6-arm64-di - Wireless NIC drivers (udeb)
 ppp-modules-4.19.0-6-arm64-di - PPP drivers (udeb)
 sata-modules-4.19.0-6-arm64-di - SATA drivers (udeb)
 scsi-core-modules-4.19.0-6-arm64-di - Core SCSI subsystem (udeb)
 scsi-modules-4.19.0-6-arm64-di - SCSI drivers (udeb)
 scsi-nic-modules-4.19.0-6-arm64-di - SCSI drivers for converged NICs (udeb)
 squashfs-modules-4.19.0-6-arm64-di - squashfs modules (udeb)
 udf-modules-4.19.0-6-arm64-di - UDF modules (udeb)
 uinput-modules-4.19.0-6-arm64-di - uinput support (udeb)
 usb-modules-4.19.0-6-arm64-di - USB support (udeb)
 usb-serial-modules-4.19.0-6-arm64-di - USB serial drivers (udeb)
 usb-storage-modules-4.19.0-6-arm64-di - USB storage support (udeb)
 xfs-modules-4.19.0-6-arm64-di - XFS filesystem support (udeb)
Changes:
 linux-signed-arm64 (4.19.67+2+deb10u2) buster-security; urgency=high
 .
   * Sign kernel from linux 4.19.67-2+deb10u2
 .
   * [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135):
     - KVM: x86: use Intel speculation bugs and features as derived in generic x86 code
     - x86/msr: Add the IA32_TSX_CTRL MSR
     - x86/cpu: Add a helper function x86_read_arch_cap_msr()
     - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
     - x86/speculation/taa: Add mitigation for TSX Async Abort
     - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
     - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
     - x86/tsx: Add "auto" option to the tsx= cmdline parameter
     - x86/speculation/taa: Add documentation for TSX Async Abort
     - x86/tsx: Add config options to set tsx=on|off|auto
     - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
     TSX is now disabled by default; see Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
   * [x86] KVM: Add mitigation for Machine Check Error on Page Size Change (aka iTLB multi-hit, CVE-2018-12207):
     - kvm: Convert kvm_lock to a mutex
     - kvm: x86: Do not release the page inside mmu_set_spte()
     - KVM: x86: make FNAME(fetch) and __direct_map more similar
     - KVM: x86: remove now unneeded hugepage gfn adjustment
     - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
     - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
     - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
     - KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
     - x86/bugs: Add ITLB_MULTIHIT bug infrastructure
     - cpu/speculation: Uninline and export CPU mitigations helpers
     - kvm: mmu: ITLB_MULTIHIT mitigation
     - kvm: Add helper function for creating VM worker threads
     - kvm: x86: mmu: Recovery of shattered NX large pages
     - Documentation: Add ITLB_MULTIHIT documentation
   * [x86] i915: Mitigate local privilege escalation on gen9 (CVE-2019-0155):
     - drm/i915: Rename gen7 cmdparser tables
     - drm/i915: Disable Secure Batches for gen6+
     - drm/i915: Remove Master tables from cmdparser
     - drm/i915: Add support for mandatory cmdparsing
     - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
     - drm/i915: Allow parsing of unsized batches
     - drm/i915: Add gen9 BCS cmdparsing
     - drm/i915/cmdparser: Use explicit goto for error paths
     - drm/i915/cmdparser: Add support for backward jumps
     - drm/i915/cmdparser: Ignore Length operands during command matching
     - drm/i915/cmdparser: Fix jump whitelist clearing
   * [x86] i915: Mitigate local denial-of-service on gen8/gen9 (CVE-2019-0154):
     - drm/i915: Lower RM timeout to avoid DSI hard hangs
     - drm/i915/gen8+: Add RC6 CTX corruption WA
Checksums-Sha1:
 cc23b78f34b7979f8397637d62046295416b8887 6565 linux-signed-arm64_4.19.67+2+deb10u2.dsc
 4b61db0666d6b07c4c4b36dd39cf01d5ac9ea944 1853188 linux-signed-arm64_4.19.67+2+deb10u2.tar.xz
Checksums-Sha256:
 675d0c52ce220667181b4dccea53069173a29b49d286fc1328ad8f9243cc5813 6565 linux-signed-arm64_4.19.67+2+deb10u2.dsc
 deda21f1cffdeb702e7cd719c9ae1385a0be173d30f1c92dbb05fb73cb95f31e 1853188 linux-signed-arm64_4.19.67+2+deb10u2.tar.xz
Files:
 c0ba4e47c2b0bde127c2e591deede7e3 6565 kernel optional linux-signed-arm64_4.19.67+2+deb10u2.dsc
 0bb64dd5ed7c017a73ebb03558a269cb 1853188 kernel optional linux-signed-arm64_4.19.67+2+deb10u2.tar.xz