Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted amd64-microcode 3.20251202.1 (source) into unstable
Date: Sat, 06 Dec 2025 15:48:46 +0000
Signed by: Henrique de Moraes Holschuh <hmh@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 06 Dec 2025 12:04:29 -0300
Source: amd64-microcode
Architecture: source
Version: 3.20251202.1
Distribution: unstable
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <hmh@debian.org>
Changed-By: Henrique de Moraes Holschuh <hmh@debian.org>
Closes: 1101350 1109035 1110987 1120005
Changes:
 amd64-microcode (3.20251202.1) unstable; urgency=medium
 .
   * Update package data from linux-firmware 20251202
     * ATTENTION: regression risk if backported to stable or LTS.
       The amd processor microcode updates in this release will not load on
       systems with outdated BIOS vulnerable to "Entrysign" unless a number of
       kernel patches are present.
     * amd-tee: update AMD PMF TA Firmware to v3.1.
     * amd-ucode: update with release 2025-12-02:
       + SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
         Fix RDSEED Failure on more AMD Zen 5 Processor models
         (closes: #1120005)
     * amd-ucode: update with release 2025-11-13:
       + SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
         Fix RDSEED Failure on more AMD Zen 5 Processor models
     * amd-ucode: update with release 2025-10-30:
       + SECURITY UPDATE (AMD-SB-7055 / CVE-2025-62626)
         Fix RDSEED Failure on some AMD Zen 5 Processor models
     + amd-ucode: update with release 2025-10-27:
       * This is the final microcode release for systems that have not
         been updated to fix vulnerability AMD-SB-7033 "Entrysign").
       * A kernel update is needed for the microcode driver to be able
         to select the appropriate microcode updates for outdated system
         firmware vulnerable to "Entrysign".
       * On non-updated kernels, this will potentially *regress* the
         microcode version on the running system back to the one in the
         (outdated, unpatched-for-Entrysign) BIOS.
     + amd-ucode: update with release 2025-07-29:
       + SECURITY UPDATE (AMD-SB-7029: CVE-2024-36350, CVE-2024-36357):
         Mitigate transient execution vulnerabilities in some AMD processors
         which might allow an attacker to infer data from previous stores
         (TSA-SQ) or data in the L1D cache (TSA-L1), potentially resulting in
         the leakage of privileged information and sensitive information across
         priviledged boundaries (closes: #1109035)
       * NOTE: Requires kernel and hypervisor changes for the security
         mitigations to be applied (issue VERW instruction at appropriate
         times).
   * initramfs: guard against copying non-microcode data into the
     early-initramfs bundle, for the benefit of those that copy all files from
     linux-firmware into /lib/firmware/*.  Thanks to Eric Valette for tracking
     it down (closes: #1101350)
   * debian/control: recommend cpio (closes: #1110987)
   * NEWS.Debian: update for post-Entrysign microcode updates
     Document that kernel patches are needed to avoid regressing the microcode
     release on vulnerable Zen2/3/4 systems (family 0x19), and also that these
     systems will not receive any future microcode updates.
Checksums-Sha1:
 88199f24dd54604166dbb04f47b4a263c0fb4292 1716 amd64-microcode_3.20251202.1.dsc
 3424ce8d6b278792d13eab59eeec93994e750ee1 445344 amd64-microcode_3.20251202.1.tar.xz
 17be9261de885f70b384ccaf4578580934ecbbab 5788 amd64-microcode_3.20251202.1_amd64.buildinfo
Checksums-Sha256:
 bfc0ff51d9482e90ddb1d24b888e7ed44f5d2bc13b13c928faba4e743b3a1760 1716 amd64-microcode_3.20251202.1.dsc
 df83c9de9bca9d351b20ec9f550884ababce8f376502bb0f58ee201d564261fe 445344 amd64-microcode_3.20251202.1.tar.xz
 0e58a22e098ea4c245241f24e1632f257f82278b7f7311bd2e2e18a9e81a2c5a 5788 amd64-microcode_3.20251202.1_amd64.buildinfo
Files:
 ea64dcf9e92d673bd4e02848c363f589 1716 non-free-firmware/admin standard amd64-microcode_3.20251202.1.dsc
 be3c290005cd452c82b3af23d6a53c6e 445344 non-free-firmware/admin standard amd64-microcode_3.20251202.1.tar.xz
 6363ab7ab8b694ae664e06a93b5a4dd0 5788 non-free-firmware/admin standard amd64-microcode_3.20251202.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEpvbMGUAhfu+gsYOwlOXoPKamj0cFAmk0SZYPHGhtaEBkZWJp
YW4ub3JnAAoJEJTl6Dympo9He+AP/jlYk0RwB2JziGRicS242C0trW/a6PS++9P6
TUJq/2K//HqhmR9C45YovMwkI7WEQtoPILyWC5UihdCLblTeu7zMJ1Dw38yK8Xog
kQEusrQmMx1++e0Aflrx5SfjinbN8Xk62Yr7vgJFwth3xlKwx0CHhwIYU5JqfhAX
wPxUapniTFrIaHRvT3momXMIzUD7ZKvAE+5zm483u1eQE/6J7LlJkdHJkMnTFWPL
jcAtlo4a9xOaTfmsd+ZJVaFw4iSiNqWQiZK9GnKVOLSkWE8Q5E6ythjxZbmj4FlK
tzMU1SbTkUt9CffeaW+KQ9jc7MSUWoYNPC2rM76mXf1pSTGuq9LDXMUhL+nhqoEP
K8kIHHfSaJQL7IcDF+qGuCX05UxSAfCDOJ4bKbXXsfK2qf33C88p+5f9uVaNATcc
f5kx2m0fXEWgMOhp+XmL5B0PchcY8VfkRuM0lFYQYW2rsg8VKpcWrBfnM+KEUuWh
sG0yg4psiPx1zGZsgp+jN3pI6sgMKtQyBmAbA+1F8dlZ6UPVCbTKo5d8HUFkYh/G
y8vhw3JC0rvN6ZZgnnh2qeeJsIrIMLbexO3FKsx7ZfLutDe9m+V2CFfNjcY5poZL
868wraj89YbiUo1BILMiRTeIN9atkgSt54GTBLiov3y9U8jM9kKsaM6OSIMOMwTN
glb6H25l
=JSpY
-----END PGP SIGNATURE-----
News for package amd64-microcode
