Your message dated Sat, 25 Apr 2020 15:02:09 +0000
with message-id <[email protected]>
and subject line Bug#952935: fixed in edk2 0~20181115.85588389-3+deb10u1
has caused the Debian Bug report #952935,
regarding CVE-2019-14575
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
952935: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952935
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: edk2
Severity: important
Tags: security
This was assigned CVE-2019-14575:
https://bugzilla.tianocore.org/show_bug.cgi?id=1608
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: edk2
Source-Version: 0~20181115.85588389-3+deb10u1
Done: dann frazier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
edk2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
dann frazier <[email protected]> (supplier of updated edk2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 23 Apr 2020 13:33:06 -0600
Source: edk2
Architecture: source
Version: 0~20181115.85588389-3+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian QEMU Team <[email protected]>
Changed-By: dann frazier <[email protected]>
Closes: 952926 952935
Changes:
 edk2 (0~20181115.85588389-3+deb10u1) buster; urgency=medium
 .
   * Fix numeric truncation in S3BootScript[Save]*() API. (CVE-2019-14563)
   * Fix use-after-free in PcdHiiOsRuntimeSupport. (CVE-2019-14586)
   * Clear memory before free to avoid potential password leak.
     (CVE-2019-14558)
   * Fix double-unmap in SdMmcCreateTrb(). This did not impact any
     of the images built from this package. (CVE-2019-14587)
   * Fix memory leak in ArpOnFrameRcvdDpc(). (CVE-2019-14559)
   * Fix issue that could allow an efi image with a blacklisted hash in the
     dbx to be loaded. (CVE-2019-14575) (Closes: 952935)
   * Fix a memory leak in the ARP handler. (CVE-2019-14559) (Closes: #952926)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---