Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a11e655 by Salvatore Bonaccorso at 2025-05-01T07:01:22+02:00
Add entry for DLA-4150-1/uboot
Daniel Leidert, please do double-check correctness.
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -244480,7 +244480,6 @@ CVE-2022-2348
CVE-2022-2347 (There exists an unchecked length field in UBoot. The U-Boot DFU
implem ...)
[experimental] - u-boot 2023.01~rc2+dfsg-1
- u-boot 2023.01~rc4+dfsg-2 (bug #1014959)
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/07/08/2
NOTE:
https://source.denx.de/u-boot/u-boot/-/commit/fbce985e28eaca3af82afecc11961aadaf971a7e
(v2023.01-rc2)
@@ -246148,7 +246147,6 @@ CVE-2022-2260 (The GiveWP WordPress plugin before
2.21.3 does not have CSRF in p
NOT-FOR-US: WordPress plugin
CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an integer signedness error
and res ...)
- u-boot 2022.07+dfsg-1 (bug #1014529)
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <no-dsa> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
NOTE:
https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
(v2022.07-rc6)
@@ -246324,7 +246322,6 @@ CVE-2021-46825 (Symantec Advanced Secure Gateway
(ASG) and ProxySG are susceptib
NOT-FOR-US: Symantec
CVE-2022-33967 (squashfs filesystem implementation of U-Boot versions from
v2020.10-rc ...)
- u-boot 2022.07+dfsg-1
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <not-affected> (SquashFS support added in 2020.10)
NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/487467.html
NOTE:
https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b390b0a44
(v2022.07-rc6)
@@ -250768,7 +250765,6 @@ CVE-2022-33104
RESERVED
CVE-2022-33103 (Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to
contain an ...)
- u-boot 2022.07+dfsg-1 (bug #1014528)
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <not-affected> (SquashFS support added in 2020.10)
NOTE:
https://lore.kernel.org/all/CALO=dhfb+yboxxvr5kcsk0ifdg+e7ywko4-e+72kjbcs8jb...@mail.gmail.com/
NOTE:
https://lore.kernel.org/all/[email protected]/
@@ -257611,7 +257607,6 @@ CVE-2022-30793
CVE-2022-30790 (Das U-Boot 2022.01 has a Buffer Overflow, a different issue
than CVE-2 ...)
[experimental] - u-boot 2022.07~rc4+dfsg-1
- u-boot 2022.07+dfsg-1 (bug #1014470)
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <no-dsa> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
NOTE:
https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
@@ -257719,7 +257714,6 @@ CVE-2022-30768 (A Stored Cross Site Scripting (XSS)
issue in ZoneMinder 1.36.12
CVE-2022-30767 (nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04
(and throu ...)
[experimental] - u-boot 2022.07~rc4+dfsg-1
- u-boot 2022.07+dfsg-1 (bug #1014471)
- [bullseye] - u-boot <ignored> (Minor issue)
[buster] - u-boot <not-affected> (Incorrect fix for CVE-2019-14196 not
applied)
[stretch] - u-boot <not-affected> (Incorrect fix for CVE-2019-14196 not
applied)
NOTE: Introduced by:
https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96
(v2019.10-rc4)
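Review bot: The bullseye line dropped from the CVE-2022-30767 entry was <ignored>, while the other six removals in this file are <no-dsa>, and the buster and stretch lines kept as context say those releases are not affected only because the incorrect fix for CVE-2019-14196 was never applied there. Since DLA-4150-1 lists both CVE-2019-14196 and CVE-2022-30767, please confirm that 2021.01+dfsg-5+deb11u1 carries the corrected nfs_lookup_reply fix and not only the commit named in the "Introduced by" note, otherwise the tracker will show bullseye as fixed for an issue it still has.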
@@ -258303,7 +258297,6 @@ CVE-2022-30553
CVE-2022-30552 (Das U-Boot 2022.01 has a Buffer Overflow.)
[experimental] - u-boot 2022.07~rc4+dfsg-1
- u-boot 2022.07+dfsg-1 (bug #1014470)
- [bullseye] - u-boot <no-dsa> (Minor issue)
[buster] - u-boot <no-dsa> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
NOTE:
https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 May 2025] DLA-4150-1 u-boot - security update
+ {CVE-2019-14196 CVE-2022-2347 CVE-2022-30552 CVE-2022-30767
CVE-2022-30790 CVE-2022-33103 CVE-2022-33967 CVE-2022-34835 CVE-2024-57254
CVE-2024-57255 CVE-2024-57256 CVE-2024-57257 CVE-2024-57258 CVE-2024-57259}
+ [bullseye] - u-boot 2021.01+dfsg-5+deb11u1
[01 May 2025] DLA-4149-1 nagvis - security update
{CVE-2021-33178 CVE-2022-3979 CVE-2022-46945 CVE-2023-46287
CVE-2024-13722 CVE-2024-13723 CVE-2024-47093}
[bullseye] - nagvis 1:1.9.25-2+deb11u1
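Review bot: The CVE set on the added DLA-4150-1 entry names 14 CVEs, but the data/CVE/list part of this commit only drops bullseye annotations for seven of them; CVE-2019-14196 and CVE-2024-57254 through CVE-2024-57259 have no matching hunk. Please check whether those entries still carry a bullseye <no-dsa>, <ignored> or <postponed> line that should be removed as well, so the tracker does not end up with a leftover annotation next to the DLA's fixed version.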
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a11e655a626faf7d75c052666a319a3043fcff6