Source: u-boot
Version: 2024.01+dfsg-7
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for u-boot.

CVE-2024-57254[0]:
| Integer overflow in U-Boot's SquashFS symlink size calculation
| function


CVE-2024-57255[1]:
| Integer overflow in U-Boot's SquashFS symlink resolution function


CVE-2024-57256[2]:
| Integer overflow in U-Boot's ext4 symlink resolution function


CVE-2024-57257[3]:
| Stack overflow in U-Boot's SquashFS symlink resolution function


CVE-2024-57258[4]:
| Multiple integer overflows in U-Boot's memory allocator


CVE-2024-57259[5]:
| Heap corruption in U-Boot's SquashFS directory listing function


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-57254
    https://www.cve.org/CVERecord?id=CVE-2024-57254
[1] https://security-tracker.debian.org/tracker/CVE-2024-57255
    https://www.cve.org/CVERecord?id=CVE-2024-57255
[2] https://security-tracker.debian.org/tracker/CVE-2024-57256
    https://www.cve.org/CVERecord?id=CVE-2024-57256
[3] https://security-tracker.debian.org/tracker/CVE-2024-57257
    https://www.cve.org/CVERecord?id=CVE-2024-57257
[4] https://security-tracker.debian.org/tracker/CVE-2024-57258
    https://www.cve.org/CVERecord?id=CVE-2024-57258
[5] https://security-tracker.debian.org/tracker/CVE-2024-57259
    https://www.cve.org/CVERecord?id=CVE-2024-57259

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
