[Git][security-tracker-team/security-tracker][master] Reserve DLA-3380-1 for firmware-nonfree

Tobias Frost (@tobi) tobi at debian.org
Sat Apr 1 15:05:32 BST 2023 


Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28c0f5e8 by Tobias Frost at 2023-04-01T16:05:16+02:00
Reserve DLA-3380-1 for firmware-nonfree

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -221274,7 +221274,6 @@ CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Win
 	[bullseye] - linux <ignored> (Too intrusive to backport)
 	[buster] - linux <ignored> (Too intrusive to backport)
 	- firmware-nonfree 20210208-1
-	[buster] - firmware-nonfree <no-dsa> (Minor issue, too intrusive to fix since kernel patch is needed)
 	[stretch] - firmware-nonfree <ignored> (Minor issue, too intrusive to fix since kernel patch is needed)
 	NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
 	NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
@@ -221288,7 +221287,6 @@ CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for
 	[bullseye] - linux <ignored> (Too intrusive to backport)
 	[buster] - linux <ignored> (Too intrusive to backport)
 	- firmware-nonfree 20210208-1
-	[buster] - firmware-nonfree <no-dsa> (Minor issue, too intrusive to fix since kernel patch is needed)
 	[stretch] - firmware-nonfree <ignored> (Minor issue, too intrusive to fix since kernel patch is needed)
 	NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
 	NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
@@ -221302,7 +221300,6 @@ CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics Driv
 	[bullseye] - linux <ignored> (Too intrusive to backport)
 	[buster] - linux <ignored> (Too intrusive to backport)
 	- firmware-nonfree 20210208-1
-	[buster] - firmware-nonfree <no-dsa> (Non-free not supported)
 	[stretch] - firmware-nonfree <ignored> (Minor issue, too intrusive to fix since kernel patch is needed)
 	NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
 	NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[01 Apr 2023] DLA-3380-1 firmware-nonfree - security update
+	{CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2021-23168 CVE-2021-23223 CVE-2021-37409 CVE-2021-44545 CVE-2022-21181}
+	[buster] - firmware-nonfree 20190114+really20220913-0+deb10u1
 [01 Apr 2023] DLA-3379-1 intel-microcode - security update
 	{CVE-2022-21216 CVE-2022-21233 CVE-2022-33196 CVE-2022-33972 CVE-2022-38090}
 	[buster] - intel-microcode 3.20230214.1~deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -66,14 +66,6 @@ erlang
   NOTE: 20230111: VCS: https://salsa.debian.org/erlang-team/packages/erlang
   NOTE: 20230111: Maintainer notes: Coordinate with maintainer, whether their VCS can be used. Mail send to mailing list.
 --
-firmware-nonfree (tobi)
-  NOTE: 20220906: Consider to check the severity of the issues again and judge whether a correction is worth it.
-  NOTE: 20221204: Coming soon in the first week of December. (apo)
-  NOTE: 20221211: Programming language: Binary blob
-  NOTE: 20221211: VCS: https://salsa.debian.org/lts-team/packages/firmware-nonfree.git
-  NOTE: 20230302: Prepared new upstream version 20220913, with all firmwarefiles
-  NOTE: 20230302: re-added which had been dropped since buster-version and asked Ben for feedback.
---
 fusiondirectory
   NOTE: 20221203: Programming language: PHP.
   NOTE: 20221203: Please evaluate, whether the package can be fixed (gladk).



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28c0f5e85a04740a5e228ec75a25765919d08f80

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28c0f5e85a04740a5e228ec75a25765919d08f80
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230401/030c9a54/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list