Commit 9e6aec2c authored by intrigeri's avatar intrigeri
Browse files

Install amd64-microcode and intel-microcode from sid (refs: #15148).

On the short term, this allows us to get the mitigation against
Spectre (CVE-2017-5715).

While this could be done via our freeze exception mechanism, instead I chose to
bump APT snapshots and add APT pinning to install these packages from sid for
the foreseeable future: keeping CPU microcode up-to-date has become an important
factor in securing systems these days and such security updates land faster in
sid than anywhere else in Debian.
parent 21823873
Package: amd64-microcode
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: aufs-dkms
Pin: release o=Debian,n=sid
Pin-Priority: 999
......@@ -32,6 +36,10 @@ Package: gir1.2-gdkpixbuf-2.0 libgdk-pixbuf2.0-*
Pin: version 2.36.5-2.0tails*
Pin-Priority: -1
Package: intel-microcode
Pin: release o=Debian,n=sid
Pin-Priority: 999
Package: linux-compiler-* linux-headers-* linux-image-* linux-kbuild-* linux-source-*
Pin: release o=Debian,n=sid
Pin-Priority: 999
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment