From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <salvatore.bonaccorso@gmail.com>
Received: from mail.linutronix.de (193.142.43.55:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 08 Jun
  2020 19:06:30 -0000
Received: from mail-wr1-x42d.google.com ([2a00:1450:4864:20::42d])
	by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128)
	(Exim 4.80)
	(envelope-from <salvatore.bonaccorso@gmail.com>)
	id 1jiN6L-0005Ty-Rr
	for speck@linutronix.de; Mon, 08 Jun 2020 21:06:29 +0200
Received: by mail-wr1-x42d.google.com with SMTP id e1so18662551wrt.5
        for <speck@linutronix.de>; Mon, 08 Jun 2020 12:06:29 -0700 (PDT)
Received: from eldamar (80-218-24-251.dclient.hispeed.ch. [80.218.24.251])
        by smtp.gmail.com with ESMTPSA id
 u130sm422304wmg.32.2020.06.08.12.06.22        for <speck@linutronix.de>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);       
 Mon, 08 Jun 2020 12:06:22 -0700 (PDT)
Sender: Salvatore Bonaccorso <salvatore.bonaccorso@gmail.com>
Date: Mon, 8 Jun 2020 21:06:21 +0200
From: Salvatore Bonaccorso <carnil@debian.org>
Subject: [MODERATED] Debian problem with Slow Randomizing Boosts DoS
Message-ID: <20200608190621.GA2189328@eldamar.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

Hi

A human error caused today that the changelog entry for the planned
4.9.210-1+deb9u1 upload in Debian covering the SRBDS mitigation
changes were for a short time leaked on
https://tracker.debian.org/linux (the message was sent as well to 56
subscribers for the tracker entry).

The leaked information covers the following changelog entries:

 linux (4.9.210-1+deb9u1) stretch-security; urgency=high
[...]
   * [x86] Add support for mitigation of Special Register Buffer Data Sampling
     (SRBDS) (CVE-2020-0543):
     - x86/cpu: Add 'table' argument to cpu_matches()
     - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
       mitigation
     - x86/speculation: Add SRBDS vulnerability and mitigation documentation
     - x86/speculation: Add Ivy Bridge to affected list
   * [x86] speculation: Do not match steppings, to avoid an ABI change
[...]

The packages itself were not exposed. The NEWS entry on
https://tracker.debian.org/linux was removed.

On behalf I want to apologies for this mistake, and steps were taken
to avoid this in future.

Salvatore