Upstream Spectre CVE Patch Availability

Upstream Spectre CVE Patch Availability

[Brian Inglis]

Hi folks,

Not seen any posts here about the monster in the chip yet (although those who
might know may be busy dealing with the issues in their jobs), so has anyone any
idea if or when we might see upstream Spectre CVE patches available for the
following packages, whose bases have been mentioned in the many articles
published recently, and has anyone seen mention of any other packages likely to
be affected?

cygwin32-gcc-core 6.4.0-1
djgpp-gcc-core 5.4.0-1
gcc-core 6.4.0-4
libjavascriptcoregtk3.0_0 2.0.4-5
libvirt-common 3.6.0-1
libwebkitgtk3.0_0 2.0.4-5
mingw64-i686-gcc-core 6.4.0-1
mingw64-x86_64-gcc-core 6.4.0-2

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Upstream Spectre CVE Patch Availability

[Brian Inglis]

On 2018-01-18 18:45, Brian Inglis wrote:
> Hi folks,
> 
> Not seen any posts here about the monster in the chip yet (although those who
> might know may be busy dealing with the issues in their jobs), so has anyone any
> idea if or when we might see upstream Spectre CVE patches available for the
> following packages, whose bases have been mentioned in the many articles
> published recently, and has anyone seen mention of any other packages likely to
> be affected?
> 
> cygwin32-gcc-core 6.4.0-1
> djgpp-gcc-core 5.4.0-1
> gcc-core 6.4.0-4
> libjavascriptcoregtk3.0_0 2.0.4-5
> libvirt-common 3.6.0-1
> libwebkitgtk3.0_0 2.0.4-5
> mingw64-i686-gcc-core 6.4.0-1
> mingw64-x86_64-gcc-core 6.4.0-2

Forgot about:

llvm 5.0.1-1

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: Upstream Spectre CVE Patch Availability

[Yaakov Selkowitz]

[-- Attachment #1.1: Type: text/plain, Size: 752 bytes --]

On 2018-01-18 19:45, Brian Inglis wrote:
> Not seen any posts here about the monster in the chip yet (although those who
> might know may be busy dealing with the issues in their jobs), so has anyone any
> idea if or when we might see upstream Spectre CVE patches available for the
> following packages, whose bases have been mentioned in the many articles
> published recently, and has anyone seen mention of any other packages likely to
> be affected?

The most important thing you can do is make sure you apply all Windows
updates.  To whatever degree these can be mitigated in userspace, we're
all still waiting for code to land elsewhere (namely, Fedora); we simply
don't have the resources to work on this ourselves.

-- 
Yaakov


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 228 bytes --]