Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
679538a4 by Markus Koschany at 2025-06-02T14:46:42+02:00
Reserve DLA-4207-1 for edk2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -106063,7 +106063,6 @@ CVE-2024-23847 (Incorrect default permissions issue 
exists in Unifier and Unifie
 CVE-2024-1298 (EDK2 contains a vulnerability when S3 sleep is activated where 
an Atta ...)
        - edk2 2024.05-1
        [bookworm] - edk2 2022.11-6+deb12u2
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4677
        NOTE: https://github.com/tianocore/edk2/pull/5659
@@ -147975,49 +147974,42 @@ CVE-2023-45236 (EDK2's Network Package is 
susceptible to a predictable TCP Initi
 CVE-2023-45235 (EDK2's Network Package is susceptible to a buffer overflow 
vulnerabili ...)
        - edk2 2023.11-6 (bug #1061256)
        [bookworm] - edk2 2022.11-6+deb12u1
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
        NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
 CVE-2023-45234 (EDK2's Network Package is susceptible to a buffer overflow 
vulnerabili ...)
        - edk2 2023.11-6 (bug #1061256)
        [bookworm] - edk2 2022.11-6+deb12u1
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
        NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
 CVE-2023-45233 (EDK2's Network Package is susceptible to an infinite lop 
vulnerability ...)
        - edk2 2023.11-6 (bug #1061256)
        [bookworm] - edk2 2022.11-6+deb12u1
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
        NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
 CVE-2023-45232 (EDK2's Network Package is susceptible to an infinite loop 
vulnerabilit ...)
        - edk2 2023.11-6 (bug #1061256)
        [bookworm] - edk2 2022.11-6+deb12u1
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
        NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
 CVE-2023-45231 (EDK2's Network Package is susceptible to an out-of-bounds read 
 vulner ...)
        - edk2 2023.11-6 (bug #1061256)
        [bookworm] - edk2 2022.11-6+deb12u1
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
        NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
 CVE-2023-45230 (EDK2's Network Package is susceptible to a buffer overflow 
vulnerabili ...)
        - edk2 2023.11-6 (bug #1061256)
        [bookworm] - edk2 2022.11-6+deb12u1
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
        NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
 CVE-2023-45229 (EDK2's Network Package is susceptible to an out-of-bounds read 
 vulner ...)
        - edk2 2023.11-6 (bug #1061256)
        [bookworm] - edk2 2022.11-6+deb12u1
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
        NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
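Review bot: the header context of this hunk shows CVE-2023-45236 (the remaining PixieFail network-stack issue) sitting directly above CVE-2023-45235, yet it is not among the CVEs given to DLA-4207-1 in the data/DLA/list hunk, and the dla-needed.txt note being removed in this commit described "10 ipv6-related, postponed CVEs" while this hunk clears the bullseye `<no-dsa>` marker for seven (CVE-2023-45229 through CVE-2023-45235). Please confirm whether CVE-2023-45236 still carries a bullseye `<no-dsa>` line that should be dropped here as well, or add a NOTE on that entry explaining why it stays out of scope for the DLA.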
@@ -251546,7 +251538,6 @@ CVE-2022-36766
 CVE-2022-36765 (EDK2 is susceptible to a vulnerability in the CreateHob() 
function, al ...)
        - edk2 2023.11-5 (bug #1060408)
        [bookworm] - edk2 2022.11-6+deb12u1
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
@@ -251554,7 +251545,6 @@ CVE-2022-36765 (EDK2 is susceptible to a 
vulnerability in the CreateHob() functi
 CVE-2022-36764 (EDK2 is susceptible to a vulnerability in the 
Tcg2MeasurePeImage() fun ...)
        - edk2 2023.11-5 (bug #1060408)
        [bookworm] - edk2 2022.11-6+deb12u1
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4118
@@ -251562,7 +251552,6 @@ CVE-2022-36764 (EDK2 is susceptible to a 
vulnerability in the Tcg2MeasurePeImage
 CVE-2022-36763 (EDK2 is susceptible to a vulnerability in the 
Tcg2MeasureGptTable() fu ...)
        - edk2 2023.11-5 (bug #1060408)
        [bookworm] - edk2 2022.11-6+deb12u1
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=4117
@@ -320505,7 +320494,6 @@ CVE-2021-38579
        RESERVED
 CVE-2021-38578 (Existing CommBuffer checks in SmmEntryPoint will not catch 
underflow w ...)
        - edk2 2022.11-1 (bug #1014468)
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3387
        NOTE: https://edk2.groups.io/g/devel/message/90516
@@ -320514,13 +320502,11 @@ CVE-2021-38577
        REJECTED
 CVE-2021-38576 (A BIOS bug in firmware for a particular PC model leaves the 
Platform a ...)
        - edk2 2021.11-1 (bug #1014468)
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3499
        NOTE: Fixed by https://github.com/tianocore/edk2/pull/1968
 CVE-2021-38575 (NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.)
        - edk2 2021.08-1
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        [stretch] - edk2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
@@ -347407,7 +347393,6 @@ CVE-2021-3436 (BT: Possible to overwrite an existing 
bond during keys distributi
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in 
PEI. Re ...)
        - edk2 2021.11~rc1-1
-       [bullseye] - edk2 <no-dsa> (Minor issue)
        [buster] - edk2 <no-dsa> (Minor issue)
        [stretch] - edk2 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2957


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[02 Jun 2025] DLA-4207-1 edk2 - security update
+       {CVE-2021-28216 CVE-2021-38575 CVE-2021-38576 CVE-2021-38578 
CVE-2022-36763 CVE-2022-36764 CVE-2022-36765 CVE-2023-45229 CVE-2023-45230 
CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2023-45234 CVE-2023-45235 
CVE-2024-1298 CVE-2024-38796}
+       [bullseye] - edk2 2020.11-2+deb11u3
 [02 Jun 2025] DLA-4206-1 asterisk - security update
        {CVE-2025-47779 CVE-2025-47780}
        [bullseye] - asterisk 1:16.28.0~dfsg-0+deb11u7
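Review bot: the CVE set on the new DLA-4207-1 line names 16 CVEs, but the data/CVE/list hunks above remove a `[bullseye] - edk2 <no-dsa>` line for only 15 of them; CVE-2024-38796, which the removed dla-needed.txt note ties to the opu debdiff in https://bugs.debian.org/1086762, has no corresponding change in this commit. If that entry still has a bullseye `<no-dsa>` or postponed marker it will conflict with the DLA's fixed version 2020.11-2+deb11u3, so please either drop that line too or confirm the entry never had one.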


=====================================
data/dla-needed.txt
=====================================
@@ -80,13 +80,6 @@ dnsdist
   NOTE: 20250521: Added by Front-Desk (Beuc)
   NOTE: 20250521: Also fix postponed issue (Beuc/front-desk)
 --
-edk2 (Markus Koschany)
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: bullseye did not get most of DSA 5624-1 security fixes,
-  NOTE: 20240815: (10 ipv6-related, postponed CVEs), plus there are older 
postponed vulnerabilities (Beuc/front-desk)
-  NOTE: 20241105: maintainer proposed opu debdiff for CVE-2024-38796 and 
CVE-2024-1298, https://bugs.debian.org/1086762 (santiago)
-  NOTE: 20250511: WIP. I believe have addressed all remaining issues now. (apo)
---
 epiphany-browser
   NOTE: 20250429: Added by Front-Desk (lamby)
   NOTE: 20250429: Changes the UI to prompt when opening URLs in external 
applications. (lamby)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/679538a43c49048a2ac59a887574c5ac3ed46461



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
