[Git][security-tracker-team/security-tracker][master] u-boot/buster is not affected by CVE-2022-33103 and CVE-2022-33967

Adrian Bunk (@bunk) bunk at debian.org
Sun Feb 26 22:18:52 GMT 2023 


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab774c79 by Adrian Bunk at 2023-02-27T00:18:03+02:00
u-boot/buster is not affected by CVE-2022-33103 and CVE-2022-33967

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54110,7 +54110,7 @@ CVE-2021-46825 (Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptib
 CVE-2022-33967 (squashfs filesystem implementation of U-Boot versions from v2020.10-rc ...)
 	- u-boot 2022.07+dfsg-1
 	[bullseye] - u-boot <no-dsa> (Minor issue)
-	[buster] - u-boot <no-dsa> (Minor issue)
+	[buster] - u-boot <not-affected> (SquashFS support added in 2020.10)
 	NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/487467.html
 	NOTE: https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b390b0a44 (v2022.07-rc6)
 CVE-2022-2249 (Privilege escalation related vulnerabilities were discovered in Avaya  ...)
@@ -58531,7 +58531,7 @@ CVE-2022-33104
 CVE-2022-33103 (Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an  ...)
 	- u-boot 2022.07+dfsg-1 (bug #1014528)
 	[bullseye] - u-boot <no-dsa> (Minor issue)
-	[buster] - u-boot <no-dsa> (Minor issue)
+	[buster] - u-boot <not-affected> (SquashFS support added in 2020.10)
 	NOTE: https://lore.kernel.org/all/CALO=DHFB+yBoXxVr5KcsK0iFdg+e7ywko4-e+72kjbcS8JBfPw@mail.gmail.com/
 	NOTE: https://lore.kernel.org/all/20220609140206.297405-1-miquel.raynal@bootlin.com/
 	NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/2ac0baab4aff1a0b45067d0b62f00c15f4e86856 (v2022.07-rc5)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab774c7963426287083136ecfb23136257b5a973

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab774c7963426287083136ecfb23136257b5a973
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230226/91837b94/attachment.htm>

More information about the debian-security-tracker-commits mailing list