Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 127467c1 by Sylvain Beucler at 2024-05-02T15:54:27+02:00 dla: add firmware-nonfree + fix triage - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -22485,7 +22485,6 @@ CVE-2023-35061 (Improper initialization for some Intel(R) PROSet/Wireless and In - firmware-nonfree <unfixed> (bug #1064229) [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported) [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) - [buster] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-35060 (Uncontrolled search path in some Intel(R) Battery Life Diagnostic Tool ...) @@ -22496,7 +22495,6 @@ CVE-2023-34983 (Improper input validation for some Intel(R) PROSet/Wireless and - firmware-nonfree <unfixed> (bug #1064229) [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported) [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) - [buster] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-34351 (Buffer underflow in some Intel(R) PCM software before version 202307 m ...) @@ -22507,7 +22505,6 @@ CVE-2023-33875 (Improper access control for some Intel(R) PROSet/Wireless and In - firmware-nonfree <unfixed> (bug #1064229) [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported) [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) - [buster] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-33870 (Insecure inherited permissions in some Intel(R) Ethernet tools and dri ...) @@ -22516,7 +22513,6 @@ CVE-2023-32651 (Improper validation of specified type of input for some Intel(R) - firmware-nonfree <unfixed> (bug #1064229) [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported) [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) - [buster] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-32647 (Improper access control in some Intel(R) XTU software before version 7 ...) @@ -22527,14 +22523,12 @@ CVE-2023-32644 (Protection mechanism failure for some Intel(R) PROSet/Wireless a - firmware-nonfree <unfixed> (bug #1064229) [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported) [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) - [buster] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-32642 (Insufficient adherence to expected conventions for some Intel(R) PROSe ...) - firmware-nonfree <unfixed> (bug #1064229) [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported) [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) - [buster] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-32618 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...) @@ -22555,14 +22549,12 @@ CVE-2023-28720 (Improper initialization for some Intel(R) PROSet/Wireless and In - firmware-nonfree <unfixed> (bug #1064229) [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported) [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) - [buster] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-28374 (Improper input validation for some Intel(R) PROSet/Wireless and Intel( ...) - firmware-nonfree <unfixed> (bug #1064229) [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported) [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) - [buster] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-49721 (An insecure default to allow UEFI Shell in EDK2 was left enabled in LX ...) @@ -78658,14 +78650,12 @@ CVE-2023-26586 (Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R - firmware-nonfree <unfixed> (bug #1064229) [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported) [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) - [buster] - firmware-nonfree <no-dsa> (Non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-25951 (Improper input validation for some Intel(R) PROSet/Wireless and Intel( ...) - firmware-nonfree <unfixed> (bug #1064229) [bookworm] - firmware-nonfree <no-dsa> (Non-free not supported) [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported) - [buster] - firmware-nonfree <no-dsa> (non-free not supported) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html NOTE: Fixed upstream in linux-firmware/20231211 CVE-2023-25757 (Improper access control in some Intel(R) Unison(TM) software before ve ...) ===================================== data/dla-needed.txt ===================================== @@ -81,6 +81,9 @@ edk2 NOTE: 20231230: CVE-2019-11098 fixed via bullseye 11.2 (lamby) NOTE: 20240312: CVE-2023-48733 fixed via DSA-5624-1 (Beuc/front-desk) -- +firmware-nonfree + NOTE: 20240502: Added by Front-Desk (Beuc) +-- freeimage NOTE: 20240320: Added by Front-Desk (ta) NOTE: 20240320: lots of postponed issue could be fixed as well View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/127467c109abb8cac3a1274be3caa387d413a83a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/127467c109abb8cac3a1274be3caa387d413a83a You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits