Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
127467c1 by Sylvain Beucler at 2024-05-02T15:54:27+02:00
dla: add firmware-nonfree + fix triage

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -22485,7 +22485,6 @@ CVE-2023-35061 (Improper initialization for some 
Intel(R) PROSet/Wireless and In
        - firmware-nonfree <unfixed> (bug #1064229)
        [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
        [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
-       [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
        NOTE: Fixed upstream in linux-firmware/20231211
 CVE-2023-35060 (Uncontrolled search path in some Intel(R) Battery Life 
Diagnostic Tool ...)
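Review bot: the rationale for dropping the `[buster] - firmware-nonfree <no-dsa>` line under CVE-2023-35061 is not recorded anywhere. After the removal buster has no suite-specific annotation and falls under the generic `- firmware-nonfree <unfixed> (bug #1064229)` line, while bookworm and bullseye keep "Non-free not supported", and the commit message says only "fix triage". A one-line reason in the commit message would let the same removal, repeated in the hunks that follow, be audited later.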
@@ -22496,7 +22495,6 @@ CVE-2023-34983 (Improper input validation for some 
Intel(R) PROSet/Wireless and
        - firmware-nonfree <unfixed> (bug #1064229)
        [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
        [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
-       [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
        NOTE: Fixed upstream in linux-firmware/20231211
 CVE-2023-34351 (Buffer underflow in some Intel(R) PCM software before version 
202307 m ...)
@@ -22507,7 +22505,6 @@ CVE-2023-33875 (Improper access control for some 
Intel(R) PROSet/Wireless and In
        - firmware-nonfree <unfixed> (bug #1064229)
        [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
        [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
-       [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
        NOTE: Fixed upstream in linux-firmware/20231211
 CVE-2023-33870 (Insecure inherited permissions in some Intel(R) Ethernet tools 
and dri ...)
@@ -22516,7 +22513,6 @@ CVE-2023-32651 (Improper validation of specified type 
of input for some Intel(R)
        - firmware-nonfree <unfixed> (bug #1064229)
        [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
        [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
-       [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
        NOTE: Fixed upstream in linux-firmware/20231211
 CVE-2023-32647 (Improper access control in some Intel(R) XTU software before 
version 7 ...)
@@ -22527,14 +22523,12 @@ CVE-2023-32644 (Protection mechanism failure for some 
Intel(R) PROSet/Wireless a
        - firmware-nonfree <unfixed> (bug #1064229)
        [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
        [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
-       [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
        NOTE: Fixed upstream in linux-firmware/20231211
 CVE-2023-32642 (Insufficient adherence to expected conventions for some 
Intel(R) PROSe ...)
        - firmware-nonfree <unfixed> (bug #1064229)
        [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
        [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
-       [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
        NOTE: Fixed upstream in linux-firmware/20231211
 CVE-2023-32618 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and 
component ...)
@@ -22555,14 +22549,12 @@ CVE-2023-28720 (Improper initialization for some 
Intel(R) PROSet/Wireless and In
        - firmware-nonfree <unfixed> (bug #1064229)
        [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
        [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
-       [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
        NOTE: Fixed upstream in linux-firmware/20231211
 CVE-2023-28374 (Improper input validation for some Intel(R) PROSet/Wireless 
and Intel( ...)
        - firmware-nonfree <unfixed> (bug #1064229)
        [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
        [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
-       [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
        NOTE: Fixed upstream in linux-firmware/20231211
 CVE-2023-49721 (An insecure default to allow UEFI Shell in EDK2 was left 
enabled in LX ...)
@@ -78658,14 +78650,12 @@ CVE-2023-26586 (Uncaught exception for some Intel(R) 
PROSet/Wireless and Intel(R
        - firmware-nonfree <unfixed> (bug #1064229)
        [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
        [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
-       [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
        NOTE: Fixed upstream in linux-firmware/20231211
 CVE-2023-25951 (Improper input validation for some Intel(R) PROSet/Wireless 
and Intel( ...)
        - firmware-nonfree <unfixed> (bug #1064229)
        [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
        [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
-       [buster] - firmware-nonfree <no-dsa> (non-free not supported)
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html
        NOTE: Fixed upstream in linux-firmware/20231211
 CVE-2023-25757 (Improper access control in some Intel(R) Unison(TM) software 
before ve ...)
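Review bot: the removed buster line under CVE-2023-25951 reads "(non-free not supported)" in lower case, unlike the "(Non-free not supported)" spelling in every other removed line, so a case-sensitive search for the exact string would have skipped it. Worth running a case-insensitive check for any remaining `[buster] - firmware-nonfree <no-dsa>` entries in data/CVE/list to confirm the triage fix reached every affected CVE.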


=====================================
data/dla-needed.txt
=====================================
@@ -81,6 +81,9 @@ edk2
   NOTE: 20231230: CVE-2019-11098 fixed via bullseye 11.2 (lamby)
   NOTE: 20240312: CVE-2023-48733 fixed via DSA-5624-1 (Beuc/front-desk)
 --
+firmware-nonfree
+  NOTE: 20240502: Added by Front-Desk (Beuc)
+--
 freeimage
   NOTE: 20240320: Added by Front-Desk (ta)
   NOTE: 20240320: lots of postponed issue could be fixed as well
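Review bot: the new firmware-nonfree entry carries only the "Added by Front-Desk (Beuc)" note and does not say what is to be fixed. The CVE entries touched in data/CVE/list all reference intel-sa-00947 and "Fixed upstream in linux-firmware/20231211"; a second NOTE pointing at that advisory or upstream version would tell whoever claims the package what the scope is, in the way the freeimage entry below adds a note about its postponed issues.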



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/127467c109abb8cac3a1274be3caa387d413a83a
